Is it safe to click a link in a text message that appears to be from my bank?
Bank impersonation SMS messages are extremely common. Even if the message appears in the same thread as previous genuine bank texts, you should not click the link — navigate to your banking app or official website directly instead.
Last reviewed: 10 June 2026
Explanation
SMS sender names can be spoofed. This means a fraudulent text message can display 'HSBC', 'Barclays', 'Chase', or any other bank name in the sender field, and on some devices will even appear in the same conversation thread as previous genuine messages from that bank. The technology to do this is widely available.
The messages typically claim that unusual activity has been detected on your account, that a payment has been blocked, or that you need to verify your details to restore access. The link leads to a convincing fake online banking login page. When you enter your credentials, they go directly to the fraudster who may use them immediately to access your real account.
Your bank's app provides the safest access channel: it authenticates against the bank's genuine servers and is not susceptible to the domain impersonation that makes fake websites convincing. If you do not have the app, navigate to the official website by typing it directly into your browser, not by clicking any link.
If you receive an alarming banking text and want to verify whether there is a real issue, call the number on the back of your card — not any number provided in the text.
Common red flags
- The text creates alarm about a payment, suspicious activity, or account block
- You are directed to click a link to verify, confirm, or restore access
- The link goes to a domain that is not your bank's exact official domain
- The text asks for your full card number, PIN, or password
- You were not expecting any issue with your account
What to do now
- Do not click the link
- Open your banking app directly or type your bank's address into the browser
- If you see no genuine issue in your account, the text was fraudulent — report it to your bank
- If you already entered credentials via a link, call your bank immediately on the official number
- Forward the fraudulent text to 7726 (SPAM) in the US and UK
Frequently asked questions
If the text is in the same thread as real bank messages, does that mean it is genuine?
No. SMS sender ID spoofing can insert fraudulent messages into existing conversation threads. The position in the thread is not evidence of authenticity. Always verify through your app or official website.
My bank says it will never send links — but I have received links from them before. Which is right?
Banks have varying policies on this. Some do send links in legitimate messages. The safest habit regardless of your bank's policy is to navigate directly to the app or website rather than following any link — this eliminates the risk entirely.