How To Spot a Fake Bank Text Message Scam

Did Your Bank Text You? It Could Be a Scam

When Kelli Hinton got a text message asking if she’d attempted to wire $7,500 out of her Chase Bank account, Kelli’s heart sank.

After replying “NO” she quickly received a phone call from someone claiming to be a Chase Bank fraud investigator who convinced her to transfer her entire savings — over $15,000 — to a “safe” account [*]. 

It was, in fact, a complete scam.

Over 40% of people who reported a text scam said the text impersonated a bank, was about a gift, delivery or job, or claimed to be from Amazon [*].

With scammers regularly assailing your bank account, it’s important to be able to tell a fake bank text message from a real one.

{{show-toc}}

How Do These Fake Bank Text Messages Work?

Fake bank text messages are a type of smishing where fraudsters use text messages to impersonate financial institutions and phish for sensitive information or dupe victims into sending them money. 

Scammers spritz their victims with fake fraud alerts, payment confirmations, or account suspensions.

If you respond, they ask for credit card or bank account numbers, or personally identifiable information (PII) to “fix the problem.”

Robotexts saw a 37% increase, while robocalls decreased by 25% in December — more evidence that SMS is a preferred method to con recipients [*].

While there are numerous types of fake bank text message scams, they all follow a similar pattern: 

1. Scammers send you a text message claiming to be from your bank. The message contrives a sense of urgency by claiming that there was suspicious activity or that someone made a large purchase from your account. As a result, the message asserts, your account will be locked, suspended, or closed if you don’t act quickly. 
2. To secure your account, you’re asked to click on a link or call a number. Scammers know that most people will react quickly to a fraud alert from their bank — so they provide easy and legitimate-looking options for you to contact them. 
3. You’re taken to a fake website that looks like your bank’s login page. When you type in your credentials, scammers steal them and gain access to your online bank account. Hackers may even secrete malware within these links, to spy on your online activity or steal sensitive data from your device. 
4. Or you're connected to a scammer pretending to be from your bank’s fraud department. A “customer service representative” may ask you for your banking details and other personal information that they can use to drain your bank account or open lines of credit in your name.
5. If you respond with YES, NO, STOP, or anything else, you receive a call from an imposter.  Replying indicates that you received the text message and are actively engaged with SMS. Knowing this, scammers will continue to target you, or may sell your “active” number on the Dark Web.

How To Tell If a Bank Text Is Fake: 6 Warning Signs

While some fake text messages are obvious frauds with mangled spelling and suspicious links, others are much harder to spot. 

Modern scammers copy legitimate alerts that banks send via text messages to trick victims into replying. They may even spoof the bank’s phone number or use a believable email address to make you think it’s the real thing.

But upon further examination, scam text messages always have one or more telltale signs of fraud. 

Here are six ways to identify a fake text message scam: 

1. It doesn’t come from your bank’s short code or number. If a bank texts you, it will come from a five or six-digit “short code.” For example, Chase Bank’s fraud department will only text you from 28107, 36640, or 72166 [*].
2. It comes from an email address that looks like your bank’s address. Scammers send texts from email addresses to make them seem more legitimate. Your bank will not send you text messages from an email address.
3. It includes strange phrasing and grammatical errors. Scammers often use random capitalization, unusual punctuation, and may begin a text with generic greetings like "Dear Valued Customer."
4. The link is suspicious or shortened to hide where it’s taking you. Before you click on a link, double-check where it is taking you. Beware of Bitly or TinyURL links or links with jumbled variations of common website names (like “goo.gl”).
5. The link takes you to a site that’s not on your bank’s official domain. If you do click on a link in a text message, make sure it hasn’t taken you to a fake website. For example, a Wells Fargo scam text may contain a link to “wellsfarrgo.com” or “welllsfargo.com.” (Note the misspellings of “wellsfargo.”)
6. It’s from a bank you don’t use. Banks cannot send you any promotional materials unless you’ve opted in — and they certainly won’t alert you about fraud on accounts that don’t exist. If you get a fraud alert from a bank that you don’t use, it’s a scam. 

Will a bank ever send you a text message?

Yes, banks will text you about legitimate fraud alerts. They may also send marketing communications or balance alerts via SMS if you’ve signed up for those notifications.

When communicating with customers, banks use specific short codes or numbers to signify that the text is from a real bank. 

The exact digits may also refer to specific types of texts — for example, you may receive a text from one short code to notify you about a loan update and a text from a different short code regarding your account security.

Here are some short codes for fraud and security alerts used by some major banks:

• Chase: 28107, 36640, 72166
• Bank of America: 322632 (credit card security), 39989 (debit card security), 96264 (small business credit card), 86006 (check fraud), 55983 (banking security), 56433 (account takeover), 80814 (Zelle)
• Citibank: 95686
• Wells Fargo: 93557, 93733, 93729, or 93236

Note: Beware of spoofed phone numbers. Scammers have ways to mask or hide the true number they’re using to contact you (such as by using restricted phone numbers). Always look for signs of fraud — even if it comes from a legitimate-looking phone number. 

The 6 Most Common Fake Bank Text Messages To Watch For

1. Your account has been locked
2. There was a large purchase from your account
3. Someone tried to log in to your bank account
4. You need to update your account information
5. Someone is sending you money
6. Fake password reset

1. Your account has been locked due to suspicious activity

In this type of text message scam, crooks dangle the fear of losing access to your bank account to get you to relinquish sensitive information — including your username and password. 

The scam is simple: fraudsters claim that someone has illegally accessed your account and that it has been locked for your protection.

In order to regain access, you’ll need to “verify” your identity or provide financial information.

If you click on the link, you’ll be taken to a fake website that looks like your bank’s login page. But any information that you enter will go straight to scammers, giving them full access to your bank account. 

How to stay safe: Don’t click on links in text messages claiming to be from your bank. Instead, always log in to your account directly by using your bank’s mobile app or its official website. If there’s an issue with your account, you’ll see it when you try to access your account.

📚 Related: How To Protect Your Bank Account From Identity Theft →

2. There was a large purchase or transfer made from your account

In another common scam, fraudsters notify you of an apparent large purchase from a store like Amazon, Target, or Walmart — using your bank account.

The goal is to make you afraid that you’ll be held responsible for a fraudulent purchase. But replying, clicking on a link, or calling the phone number provided puts you one step closer to identity theft.

How to stay safe: Review all purchases by logging in to your bank account either via the bank’s mobile app or its official website. If you’re still unsure, call your bank’s fraud department to double-check.

📚 Related: How To Spot a Chase Phishing Email (5 Examples) →

3. Someone tried to log in to your bank account

Swindlers know that you’ll be alarmed if there’s suspicious activity on your account, so they use that to trick you into responding to their texts.

Posing as your bank, they may say an unauthorized user attempted to log in to your bank account or that they’ve detected fraudulent activity.

Like other bank text message scams, these texts usually include a link to reactivate your account or a request to call customer support. Instead of resolving the “issue,” scammers excise your personal information.

How to stay safe: Again, verify any claims of fraud directly — either by logging in to your bank account or calling the customer service phone number listed on your bank’s website. A representative will be able to confirm whether there has been any fraudulent activity that you should worry about.

4. You need to update your account information

From time to time, banks will ask you to update personal details like your address, telephone number, email, or even income. However, they’ll never ask you to reveal that information via texts or email attachments. 

Scammers send fake text messages that look like routine account maintenance, asking you to update your password.

Other times, fraudulent texts claim there’s unusual activity on your account, and you need to update your information.

How to stay safe: Don’t take the bait. If a bank truly needs you to update your information, it will ask you to do so in person or via its secure online banking portal.

📚 Related: Is It Safe To Link Bank Accounts? 7 Risks To Know →

5. Someone is sending you money

It’s natural to be curious if someone unexpectedly sends you money via Venmo, Zelle, or Cash App. But it’s almost certainly too good to be true — and the “deposit” link will take you to a scammer’s website. 

If you’ve already signed up for these platforms, money sent to you will automatically be deposited into your account. Remember, you’ll only receive notifications if you’ve signed up to get them.

Note that grifters sometimes take the opposite approach, making you think someone else used a money transfer app on your account to send money to themselves or someone else.

How to stay safe: An easy way to confirm whether or not this is true is to check your bank or payment app to see if the transfer was really made. Also, never accept unexpected Zelle, Cash App, or Venmo transfers.

📚 Related: How To Spot a Citibank Phishing Email (With Examples) →

6. Fake password reset or 2FA code text messages

Banks now encourage or require users to enable two-factor authentication (2FA) on their accounts. Unfortunately, scammers have picked up on this trend.

Some fake bank text messages ask for PINs or prompt victims to reset their passwords using a link that goes to a fake website. 

If the victims click on these links, they risk infecting their phones with malware or giving away their usernames and passwords.

How to stay safe: Never share passwords, PINs, or 2FA codes with anyone — even coworkers, friends, or family members. Scammers may have already hacked into their accounts and will use the information you give them to hack your accounts, too.

Did You Receive a Fake Bank Text?

You’re not in immediate danger if you’ve only received or replied to a scam text. However, you should still take precautions to protect your account if you’ve given scammers any information. 

Here’s what to do: 

• Contact your bank’s fraud department. Share what happened and ask them to close your current accounts and cards. They will help you open new ones and send you brand-new cards.
• Freeze your credit. If you gave away any sensitive information (particularly your Social Security number), initiate a credit freeze with Experian, Equifax, and TransUnion. A credit freeze will prevent scammers from taking out loans or opening any new credit lines in your name. You may also want to set up continuous credit monitoring to catch other criminal activity.
• Report the scam. You should report unwanted calls or texts to the Federal Trade Commission (FTC) at DoNotCall.gov and file a complaint with the Federal Communications Commission (FCC).
• Scan your device for malware. First, disconnect your devices from your Wi-Fi and mobile network. Then, use antivirus software to detect and eliminate any harmful code. Also update your devices and apps to remove any security vulnerabilities in outdated software.
• Secure your other online accounts. Scammers can use your personal information to target other online accounts. Change passwords on all of your accounts — especially your online banking profile, social media, and email — and enable 2FA whenever possible.
• Download a Safe Browsing app. These identify (and stop you from going to) malicious sites. Using a secure, reliable virtual private network (VPN) can also hide your online activity from fraudsters.
• Consider signing up for spam protection. Aura’s all-in-one intelligent safety app includes an AI-powered assistant that can automatically block spam or scam calls and texts. Try Aura free for 14 days. 

Zoom out: Block suspicious phone numbers. If you’re an iPhone user, tap the “Delete and Report Junk” option to delete a suspicious text. If you’re an Android user, touch and hold the conversation, tap “Block,” and then tap “Report spam.” 

How To Protect Yourself Against Fake Bank Text Messages

Keep your accounts safe and avoid fake bank texts by:

• Using secure and unique passwords that hackers can’t guess or use to access other accounts.
• Enabling 2FA on your accounts to add another layer of protection against cybercriminals.
• Never giving out passwords, PINs, or one-time use codes that bad actors could use to drain your bank accounts or sell on the Dark Web.
• Not clicking on links in text messages so that you can avoid installing dangerous viruses or malware onto your phone.
• Getting familiar with your bank’s short codes to better identify, delete, and block scam texts before you accidentally share any information.

For added protection, consider signing up for Aura’s digital safety app. 

With Aura, you get top-rated identity theft protection with the industry’s fastest fraud alerts,³ AI-powered spam and scam call/text protection, a full suite of digital security tools for your cell phone and computer, 24/7 U.S-based White Glove Fraud Resolution support, and $1 million in identity theft insurance — all for a low monthly membership. 

Keep your bank account safe from scammers. Try Aura free for 14 days.