We’ve been made aware of a scam text message targeting Barclays customers by directing them to a fake website. Here’s what you need to look out for.
Fake text messages posing as banks are nothing new – last year we saw a huge rise in the number of people reporting that they’ve received one purporting to be from Halifax.
But this one using Barclays to target victims features another twist to be wary of: it’s managed to successfully drop into people’s inboxes with the sender set as the bank itself:
These types of ‘smishing’ attempts work by rushing people into visiting a fake website, which can go on to request and steal sensitive information, such as bank details. In this case, its victims will alarmed to read that an ‘unusual payee request’ has been ‘flagged’ on their account.
Fortunately some web browsers, such as Chrome in the below example, will warn you that the site is illegitimate:
However, there’s no guarantee that everyone will receive a similar warning, and some may believe these convincing phishing sites to be genuine.
Spotting and reporting smishing scams
After reporting the fake text to the National Cyber Security Centre (firstname.lastname@example.org), we made Barclays aware of the text. It told us:
“We work closely with the telecommunications industry to support them on preventative measures. We have been, and continue to be, part of an ongoing industry-wide trial to combat ‘smishing’ activity.
The SMS SenderID Protection Registry allows businesses using SMS to register and protect the message headers used when sending text messages to their customers. Over the last two years, the working group has seen a significant drop in fraudulent messages being sent to UK consumers of participating merchants.
We urge customers to pay close attention to the warnings we provide when making payments as these are designed to help protect them against fraud and scams”
Barclays also said that it will never send a text and ask you to click on a link.
If you think you may have handed over your card details to scammers, you should let your bank know what’s happened immediately.
If you’re not sure if contact from a bank is genuine, get in touch with it directly via its official channels to verify the correspondence before you take any action.
Have you received this fake Barclays text or others purporting to be from different banks? Let us know in the comments, and help spread the word to warn friends and family.