/ Scams

Scam alert: fake Barclays ‘unusual payee request’ text

We’ve been made aware of a scam text message targeting Barclays customers by directing them to a fake website. Here’s what you need to look out for.

Fake text messages posing as banks are nothing new – last year we saw a huge rise in the number of people reporting that they’ve received one purporting to be from Halifax.

But this one using Barclays to target victims features another twist to be wary of: it’s managed to successfully drop into people’s inboxes with the sender set as the bank itself:

These types of ‘smishing’ attempts work by rushing people into visiting a fake website, which can go on to request and steal sensitive information, such as bank details. In this case, its victims will alarmed to read that an ‘unusual payee request’ has been ‘flagged’ on their account.

Fortunately some web browsers, such as Chrome in the below example, will warn you that the site is illegitimate:

However, there’s no guarantee that everyone will receive a similar warning, and some may believe these convincing phishing sites to be genuine.

Spotting and reporting smishing scams

After reporting the fake text to the National Cyber Security Centre (report@phishing.gov.uk), we made Barclays aware of the text. It told us:

“We work closely with the telecommunications industry to support them on preventative measures. We have been, and continue to be, part of an ongoing industry-wide trial to combat ‘smishing’ activity.

The SMS SenderID Protection Registry allows businesses using SMS to register and protect the message headers used when sending text messages to their customers. Over the last two years, the working group has seen a significant drop in fraudulent messages being sent to UK consumers of participating merchants.

We urge customers to pay close attention to the warnings we provide when making payments as these are designed to help protect them against fraud and scams”

Barclays also said that it will never send a text and ask you to click on a link.

If you think you may have handed over your card details to scammers, you should let your bank know what’s happened immediately.

Guide: How to get your money back after a scam

If you’re not sure if contact from a bank is genuine, get in touch with it directly via its official channels to verify the correspondence before you take any action.

Have you received this fake Barclays text or others purporting to be from different banks? Let us know in the comments, and help spread the word to warn friends and family.

Comments

Just received a one from Lloyds asking to confirm new payee. I’m not a Lloyds customer!

Brad says:
30 March 2021

Just had one from Nationwide and I don’t bank with them. K Adams was named as the new payee.

Lisa Lang says:
6 April 2021

Me too

Gabrielle Goodchild says:
30 March 2021

I got something similar – a text on my mobile supposedly from HSBC

Val Middleton says:
6 April 2021

Me too!

Bob says:
1 April 2021

I received a message on my mobile @ 13.52 on 1/4/21 from HSBC regarding a new payee request. I do not bank with HSBC. I was instructed if this was not me a to visit a https address stated in the message. Tried to report this supposed scam to HSBC but was unsuccessful.

Mike says:
11 April 2021

I’ve had the same today, ignored

JENNY JARVIS says:
1 April 2021

I have received 3 fake messages supposedly from HSBC saying withdrawals have been attempted and to go to a link to stop them. I don’t bank with HSBC.

Roger Felgate says:
2 April 2021

I have recently received multiple texts from “HSBC” advising that a payment from my account has been attempted using an unknown device. I don’t bank with HSBC so knew it was a scam. The latest text came from “Santander” stating that a new device pairing has been set up on my account. Each text came from a different number starting +447 and contains a website link to respond to. I do not click on the link but forward each text to 7726 – the reporting point for suspected scam texts.

Michael says:
2 April 2021

I had one from “HSBC”. Now I only use my mobile for receiving codes for on line banking, so my number will be known only to a few banks. I wonder how they got hold of the number or if they just generate random numbers.

Sylvia Helliwell says:
2 April 2021

Just received text from Lloyds bank new payee as successfully paired onto your account i am a Lloyds customer but knew they ring you if you set up a new payee on your account.