/ Scams

Scam alert: fake Barclays ‘unusual payee request’ text

We’ve been made aware of a scam text message targeting Barclays customers by directing them to a fake website. Here’s what you need to look out for.

Fake text messages posing as banks are nothing new – last year we saw a huge rise in the number of people reporting that they’ve received one purporting to be from Halifax.

But this one using Barclays to target victims features another twist to be wary of: it’s managed to successfully drop into people’s inboxes with the sender set as the bank itself:

These types of ‘smishing’ attempts work by rushing people into visiting a fake website, which can go on to request and steal sensitive information, such as bank details. In this case, its victims will alarmed to read that an ‘unusual payee request’ has been ‘flagged’ on their account.

Fortunately some web browsers, such as Chrome in the below example, will warn you that the site is illegitimate:

However, there’s no guarantee that everyone will receive a similar warning, and some may believe these convincing phishing sites to be genuine.

Spotting and reporting smishing scams

After reporting the fake text to the National Cyber Security Centre (report@phishing.gov.uk), we made Barclays aware of the text. It told us:

“We work closely with the telecommunications industry to support them on preventative measures. We have been, and continue to be, part of an ongoing industry-wide trial to combat ‘smishing’ activity.

The SMS SenderID Protection Registry allows businesses using SMS to register and protect the message headers used when sending text messages to their customers. Over the last two years, the working group has seen a significant drop in fraudulent messages being sent to UK consumers of participating merchants.

We urge customers to pay close attention to the warnings we provide when making payments as these are designed to help protect them against fraud and scams”

Barclays also said that it will never send a text and ask you to click on a link.

If you think you may have handed over your card details to scammers, you should let your bank know what’s happened immediately.

Guide: How to get your money back after a scam

If you’re not sure if contact from a bank is genuine, get in touch with it directly via its official channels to verify the correspondence before you take any action.

Have you received this fake Barclays text or others purporting to be from different banks? Let us know in the comments, and help spread the word to warn friends and family.

Comments
Dr S E Blackall says:
4 May 2021

Just received a text supposedly from HSBC saying I’d made a payment to Mr Jones and asking me to click on a link, but I’m not an HSBC customer. I looked up the phone number on a reverse ID site and it told me it was a private number. Clearly a scam

I have just received a text saying “HSBC FRAUD ALERT” followed by details of an alleged payment I have made to Mr C Jones for £240.00. Link is to https://security.hs-review-newpayee.com

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Denise Galvan says:
10 May 2021

It is impetarative that we all join forces and stip these scamners

Anthony North says:
12 May 2021

I would just like to have an email address to which I could send details of scams. Several organisations have a ‘phishing’ email address, but, instead of having to remember each one, a single national email address could be used; including the telephone numbers from which messages seem to have come.

Alan Cooper says:
12 May 2021

Have received similar messages to the Barclays one purportedly coming from Lloyds and also HSBC

Pluto says:
16 May 2021

This itself appears to be helpful & genuine,BUT HOW CAN WE EVER TRUST OR RELY ON ANY SAFETY OR ASSURANCE IN THESE DAMN FRAUDSTERS WHICH ARE MOE TEXTED SAVVY THAN US ????

Pluto – Just ignore and delete any texts or e-mails you get about anything to do with banking. Banks never communicate in that way.