/ Scams

Scam alert: fake Barclays ‘unusual payee request’ text

We’ve been made aware of a scam text message targeting Barclays customers by directing them to a fake website. Here’s what you need to look out for.

Fake text messages posing as banks are nothing new – last year we saw a huge rise in the number of people reporting that they’ve received one purporting to be from Halifax.

But this one using Barclays to target victims features another twist to be wary of: it’s managed to successfully drop into people’s inboxes with the sender set as the bank itself:

These types of ‘smishing’ attempts work by rushing people into visiting a fake website, which can go on to request and steal sensitive information, such as bank details. In this case, its victims will alarmed to read that an ‘unusual payee request’ has been ‘flagged’ on their account.

Fortunately some web browsers, such as Chrome in the below example, will warn you that the site is illegitimate:

However, there’s no guarantee that everyone will receive a similar warning, and some may believe these convincing phishing sites to be genuine.

Spotting and reporting smishing scams

After reporting the fake text to the National Cyber Security Centre (report@phishing.gov.uk), we made Barclays aware of the text. It told us:

“We work closely with the telecommunications industry to support them on preventative measures. We have been, and continue to be, part of an ongoing industry-wide trial to combat ‘smishing’ activity.

The SMS SenderID Protection Registry allows businesses using SMS to register and protect the message headers used when sending text messages to their customers. Over the last two years, the working group has seen a significant drop in fraudulent messages being sent to UK consumers of participating merchants.

We urge customers to pay close attention to the warnings we provide when making payments as these are designed to help protect them against fraud and scams”

Barclays also said that it will never send a text and ask you to click on a link.

If you think you may have handed over your card details to scammers, you should let your bank know what’s happened immediately.

Guide: How to get your money back after a scam

If you’re not sure if contact from a bank is genuine, get in touch with it directly via its official channels to verify the correspondence before you take any action.

Have you received this fake Barclays text or others purporting to be from different banks? Let us know in the comments, and help spread the word to warn friends and family.

Comments
Dave White says:
13 February 2021

Had one of these from Lloyds earlier this week. It looked very similar to the example. I logged onto my account from the genuine Lloyds website to check my payees and everything was fine. I would have reported this to Lloyds but there seems no way to do this for text scams. I have blocked the sender.

Bill Bishop says:
13 February 2021

Can these scams be traced back to their origin and any action be taken. I assume that such scams are worldwide and not just in the UK.

Dr. Sadek says:
13 February 2021

I also received a bank scam text from HSBC to a mobile number not registered with the bank. A friend even received the same from a bank she does not have an account with.

I have recently had two text messages from Halifax and LLoyds, neither of whom I have accounts with, both saying they had payment request and to click the link to say if it was from me or not.

John Bendle says:
13 February 2021

I had a text purporting to be from the GPO saying they were holding an undelivered parcel for me, and asking for £2.99 as a second delivery charge! Also wanting to know date of birth and lots of other information as well. I just deleted it but I am still not sure whether it was genuine or not.

Hang on a mo – the GPO doesn’t exist anymore; it’s Royal Mail!
And they would never ask for a charge to redeliver, they just stick a nasty card though your door and ask you to go and collect at the Sorting Office.

It is a scam, the URL gives this one away, apart from the fact that RM do not act in this way by sending emails of this type, it would be a card delivered by your postman.

Richard Abel says:
13 February 2021

I had the same text. Very convincing. But the url was missing final .uk. And going to Parcel force separately and using that reference number showed no parcel. Like you say asking for too much personal info.

Susanne Loggie says:
13 February 2021

I had the same text and nearly fell for it. I rang Royal Mail and they confirmed that this was a scam. They said that the postman will always put a grey card through the post box if there is extra postage or customs duty on an item, then you can arrange to pay it on the Royal Mail official site. They confirmed that to rearrange delivery of an item is free and that they would never send a text message with a link. When I checked the tracking number the parcel on the Royal Mail site, the parcel didn’t exist.

How on earth would Royal Mail, or any other mail carriers for that matter, have a record of residents’ e-mail addresses or mobile phone numbers?

I think the proliferation of these scams shows that the public are becoming much wiser nowadays and are not falling for these tricks, hence the perpetrators are getting more and more desperate in their attempts to catch us out. They must take us for fools, but I suppose so long as they get a few ‘hits’ a day, and can keep up the payments to Mr Big, they can survive.

The Mr Big’s will also continue to devise new ways of exploiting any state of jeopardy including phony ones [“undelivered mail”, “unverified bank transactions”, “Covid vaccinations”] and keep a room full of poor saps eager to earn a humble crust by doing their rotten cold-calling for them.

Scam I have had a number over recent weeks

Glennis Leech says:
13 February 2021

We had one on Thursday 11 Feb. the usual patter £ 600 has been take from your Barclays Bank account. recorded message , checked the number 02089955100

I have had two texts on the 8th and 10th of February supposedly from Lloyds Bank, with a similar message that someone has set up a new payee on my account (I do not have a Lloyds Bank Account) It had the sender’s mobile number on the top of the message.

Amazon Prime: a recorded message for which I normally hang up immediately, the last time being yesterday, also Amazon Prime. Out of curiosity I went along with the cancellation option and was passed to an operative with a very thick foreign accent who was insisting that I had to go on to my computer to officially cancel the order, worth about £300. I played along until she asked me to type in A, N, Y…. (which I didn’t). I knew from a previous experience (from which I learned a lot but lost no money) that it was going to be “anydesk” which would have let her into my computer; I ended the call immediately having confirmed my suspicions. I hope this will be of help to others. Des

Just had a text from mobile number +44 7717254284 supposedly from HSBC saying a new payee had been registered. Text reads: ” HSBC: A New Payee request was created from an unrecognised device. You can Authorise or Cancel this request via: https://hsbc.payees-submit.com/requests/

Lots of phone calls saying problems with my Amazon Prime account ……dont have an account !!!
Another saying my Insurance cover for my Sky box needs renewing….never had insurance & you dont need an insurance for Sky.

Richard Firth says:
13 February 2021

Two in recent days – HSBC text (no account) and Royal Mail email (undelivered parcel, asking for £2.99 and a lot of personal information.

Richard

I’ve been getting Norton renewal notices sent from at least 3 e-mail addresses – not Norton as my subscription is not due for some months. Two were just plain e-mails – one copied the Norton page from their advisory e-mails

I had two calls on my phone recorded message stating they had a tax fraud against me bad must press 1 If I didn’t press 1 a warrant would go out for my arrest.

Philip Cohen says:
13 February 2021

Me too. Sounds very authentic until the unrealistic threat.

Suzanne says:
13 February 2021

I got one purporting to be from Lloyds, who I do bank with. There were various clues it was a fake, such as the url I was supposed to click on, but it still rattled me. I did report it to Lloyds, who said they’d had a number reported to them.

The banks don’t care and neither do the police.

Somebody opened a Barclays Ping-It account in my name. Barclays wrote to me months after the account was opened to tell me they were closing the account as no payments had been made. They also informed me that I would never be able to be a Braclays customer in the future. (A good thing in my mind)
A few weeks later I received a letter from a maintenance company offering me a contract to service a large fridge/freezer I had purchased for delivery to an address in Leicester – I live in Hertfordshire.
I informed Barclays of the letter, the company, and Mr Lestor’s address (Yes! Mr Lestor of Leicester) and phone number. I was told by the bank and police to forget it and not ring the number on the letter. Then it started.
To cut a long story short five credit cards were open in my name.
This ended with my daughter phoning the police when she saw somebody going through my locked post box in my porch after our local postie had delivered. When she rang the police she was asked if she had seen them take anything. She replied no, and was told that there was nothing the police could do!!!!
The following day my post box contained two credit cards in myself and my wifes name. In another envelope delivered at the same time were the pin numbers.
I spoke with The Bank Of Scotland regarding a letter they sent me reporting suspicious behaviour of someone attempting to open an account in my name. They were most helpful and placed my wife’s and my name on a register.
I cannot remember the name of the register but everything stopped from that point.

Philip Cohen says:
13 February 2021

Probably CIFAS a fraud reporting organisation for the Credit Card Industry

How can these scammers, and others for that matter, utilise the UK CLI’s and get away with it?
And, what are OFCOM doing about it??

I feel so left out. I hardly get any of these scam emails and text messages. Could it be because I rarely use social media, dont have a facebook profile, dont (knowingly) use google, twitter, whats app, instagram etc.? Or is it because I delete cookies, data and history several times per day, use Ghostery, Cookie Auto Delete, Privacy Possum and use masked emails?

Philip Cohen says:
13 February 2021

Don’t do any of that but after a career of over 40 years in credit cards I have an eye for scams and attempted fraud. I find bad grammar or spelling usually fails them. Not something that many of the younger generations are too good at.

Chris Kane says:
13 February 2021

Had one saying it was from Barclays. Said there was a payment for £900 waiting to be authorised. I was to press 1 to pay this amount. Did not do this. I phoned Barclays to check and alert them, they said it was not them and that I did the right thing and if I receive anymore like this to let them know. I never press anything to authorise anything from any company, I always check with the company first.

Kay Speak says:
13 February 2021

Hi. I’ve received two. One purporting to be from HSBC (mobile number +447904562154) with the message “HSBC: A payment was attempted from . . .”; and one from Lloyds (mobile number +447825870047) with the message “LLOYDS ALERT: A new payee has been linked in your app.”
Fortunately I don’t have an HSBC a/c so straight away I knew that it was a scan; however, I had set up a new Lloyds payee a couple of days before via my PC. And I’d made a payment to that payee the day before, so I could easily have been sucked in to the scan if it wasn’t for the fact that I don’t have the Lloyds app – and will never use my mobile phone to make financial transactions.
Hope these despicable individuals get caught and are appropriately punished.

Margaret Geatches says:
13 February 2021

I had a Halifax text re “ a payment was attempted from a new device on 11/02 at 17.36, if this was not you…….”
I do not have a Halifax account.

Am I being naive, but is there no way that a dodgy site that the link refers to like this, can be immediately closed down?