Did Your Bank Text You? It Could Be a Scam
When Kelli Hinton got a text message asking if she’d attempted to wire $7,500 out of her Chase Bank account, Kelli’s heart sank. After replying “NO” she quickly received a phone call from someone claiming to be a Chase Bank fraud investigator who convinced her to transfer her entire savings — over $15,000 — to a “safe” account [*].
But the whole thing was a scam. In a flash, Kelli’s life savings were gone.
Scammers know that fake bank text messages are a perfect ploy to use your fears of losing money against you. According to the Federal Trade Commission (FTC) [*]:
Americans lost over $330 million to text message scams in 2022 – with fake bank text messages being the most common scheme.
With scammers regularly targeting your bank account, it’s important to be able to tell a fake bank text message from a real one.
In this guide, we’ll explain how fake bank text message scams work, the most common warning signs and scams to look out for, and what to do if you’ve been a victim.
What Are Fake Bank Text Message Scams? How Do They Work?
Fake bank text messages are a type of smishing scam in which fraudsters use text messages to impersonate financial institutions and phish for sensitive information or trick victims into sending them money.
Scammers target their victims with fake fraud alerts, payment confirmations, or account suspensions. If you respond, they ask for bank account numbers, credit card numbers, or personally identifiable information (PII) to “fix the problem.”
Last year alone, Americans received 225 billion spam and robotexts — a 157% increase from 2021 [*].
While there are numerous types of fake bank text message scams, they all follow a similar pattern:
- Scammers send you a text message claiming to be from your bank. The message creates a sense of urgency by claiming that there was suspicious activity or that someone made a large purchase by accessing your account. As a result, the message claims, your account will be locked, suspended, or closed if you don’t act quickly.
- To secure your account, you’ll be asked to click on a link or call a number. Scammers know that most people will react quickly to a fraud alert from their bank — so they provide easy and legitimate-looking options for you to contact them.
- If you click on a link: You’ll be taken to a fake website that looks like your bank’s login page. When you type in your credentials, scammers steal them and gain access to your online bank account. Hackers may also embed links with malware, which allows them to spy on your online activity or steal sensitive data from your device.
- If you call a phone number: You’ll be connected to a scammer pretending to be from your bank’s fraud department. A “customer service representative” may ask you for your banking details and other personal information that they can use to drain your bank account or open lines of credit in your name.
- If you respond with YES, NO, STOP, or anything else: You’ll receive a call from an imposter. Replying indicates that you received the text message and are actively engaged with SMS. Knowing this, scammers will continue to target you, or may sell your “active” number on the Dark Web.
The bottom line: Scammers send millions of fake bank text messages a day — making them a serious threat to your safety. Consider protecting yourself (and your bank account) with Aura’s award-winning digital security solution.
How To Tell If a Bank Text Is Fake: 6 Warning Signs
While some fake text messages are obvious frauds with poor spelling and suspicious links, others are much harder to spot.
Modern scammers copy legitimate alerts that banks send via text messages to trick victims into replying. They may even spoof the bank’s phone number or use a believable email address to make you think it’s the real thing.
But upon further examination, scam text messages always have one or more telltale signs of fraud.
Here are six ways to identify a fake text message scam:
- It doesn’t come from your bank’s short code or number. If a bank texts you, it will come from a five or six-digit “short code.” For example, Chase Bank’s fraud department will only text you from 28107, 36640, or 72166 [*].
- It comes from an email address that looks like your bank’s address. Scammers send texts from email addresses to make them seem more legitimate. Your bank will not send you text messages from an email address.
- It includes strange phrasing and grammatical errors. Scammers randomly capitalize certain words, use bizarre punctuation, and may start a text with an odd salutation such as “Valued Customer.”
- The link is suspicious or shortened to hide where it’s taking you. Before you click on a link, double-check where it is taking you. Beware of Bitly or TinyURL links or links with jumbled variations of common web names (like “goo.gl”).
- The link takes you to a site that’s not on your bank’s official domain. If you do click on a link in a text message, make sure it hasn’t taken you to a fake website. For example, a Wells Fargo scam text may contain a link to “wellsfarrgo.com” or “welllsfargo.com.” (Note the misspellings of “wellsfargo.”)
- It’s from a bank you don’t use. Banks cannot send you any promotional materials unless you’ve opted in — and they certainly won’t alert you about fraud on accounts that don’t exist. If you get a fraud alert from a bank that you don’t use, it’s a scam.
Will a bank ever send you a text message?
Yes, banks will text you about legitimate fraud alerts. They may also send marketing communications or balance alerts via SMS if you’ve signed up for those notifications.
When communicating with customers, banks use specific short codes or numbers to signify that the text is from a real bank.
The exact digits may also refer to specific types of texts — for example, you may receive a text from one short code to notify you about a loan update and a text from a different short code regarding your account security.
Here are some short codes for fraud and security alerts used by some major banks:
- Chase: 28107, 36640, 72166
- Bank of America: 322632 (credit card security), 39989 (debit card security), 96264 (small business credit card), 86006 (check fraud), 55983 (banking security), 56433 (account takeover), 80814 (Zelle)
- Citibank: 95686
- Wells Fargo: 93557, 93733, 93729, or 93236
Pro tip: Beware of spoofed phone numbers. Scammers have ways of masking the true number they’re using to contact you. Always look for warning signs of a fake text message — even if it comes from a legitimate-looking phone number.
The 6 Most Common Fake Bank Text Messages To Watch For
- Your account has been locked
- There was a large purchase from your account
- Someone tried to log in to your bank account
- You need to update your account information
- Someone is sending you money
- Fake password reset of 2FA code text message
Understanding what fake bank text messages look like can help you detect scams before they can do any real harm to you or your family.
Here are some of the most common fake bank text message scams and the red flags to look out for:
1. Your account has been locked due to suspicious activity
In this type of text message scam, crooks use the fear of losing access to your bank account to get you to give up sensitive information — including your username and password.
The scam is simple: fraudsters claim that someone has illegally accessed your account and that it has been locked for your protection. In order to regain access, you’ll need to “verify” your identity or provide financial information.
If you click on the link, you’ll be taken to a fake website that looks like your bank’s login page. But any information that you enter will go straight to scammers, giving them full access to your bank account.
How to stay safe: Don’t click on links in text messages claiming to be from your bank. Instead, always log in to your account directly by using your bank’s mobile app or its official website. If there’s an issue with your account, you’ll see it when you try to access your account.
📚 Related: How To Protect Your Bank Account From Identity Theft →
2. There was a large purchase or transfer made from your account
In another common scam, fraudsters text you that someone has made a large purchase from a store like Amazon, Target, or Walmart — using your bank account.
The goal is to make you afraid that you’ll be on the hook for a fraudulent purchase. But replying, clicking on a link, or calling the phone number provided puts you one step closer to identity theft.
How to stay safe: Review all purchases by logging in to your bank account either via the bank’s mobile app or its official website. If you’re still unsure, call your bank’s fraud department to double-check.
📚 Related: How To Spot a Chase Phishing Email (5 Examples) →
3. Someone tried to log in to your bank account
Swindlers know that you’ll be alarmed if there’s suspicious activity on your account, so they use that to trick you into responding to their texts. Posing as your bank, they may say an unauthorized user attempted to log in to your bank account or that they’ve detected fraudulent activity.
Like other bank text message scams, these texts usually include a link to reactivate your account or a request to call customer support. Instead of resolving the “issue,” scammers extract your personal information.
How to stay safe: Again, verify any claims of fraud directly — either by logging in to your bank account or calling the customer service phone number listed on your bank’s website. A representative will be able to confirm whether there has been any fraudulent activity that you should worry about.
4. You need to update your account information
From time to time, banks will ask you to update personal details like your address, telephone number, email, or even income. However, they’ll never ask you to reveal that information via texts or email attachments.
Scammers send fake text messages that look like routine account maintenance, asking you to update your password. Other times, fraudulent texts claim there’s unusual activity on your account, and you need to update your information.
How to stay safe: Don’t take the bait. If a bank truly needs you to update your information, it will ask you to do so in person or via its secure online banking portal.
5. Someone is sending you money
It’s natural for you to feel excited if someone unexpectedly sends you money via Venmo, Zelle, or Cash App. But it’s almost certainly too good to be true — and the “deposit” link will take you to a scammer’s website.
If you’ve already signed up for these platforms, money sent to you will automatically be deposited into your account. Remember, you’ll only receive notifications if you’ve signed up to get them.
Note that grifters sometimes take the opposite approach, making you think someone else used a money transfer app on your account to send money to themselves or someone else.
How to stay safe: An easy way to confirm whether or not this is true is to check your bank or payment app to see if the transfer was really made. Also, never accept unexpected Zelle, Cash App, or Venmo transfers — as that’s part of a common scam which uses hacked accounts.
6. Fake password reset or 2FA code text messages
With rising cybersecurity concerns, banks are encouraging or requiring users to enable two-factor authentication (2FA) on their accounts. Unfortunately, scammers have picked up on this trend.
Some fake bank text messages ask for PIN numbers or prompt victims to reset their passwords using a link that goes to a fake website.
If the victims click on these links, they risk infecting their phones with malware or giving away their usernames and passwords.
How to stay safe: Never share passwords, PINs, or 2FA codes with anyone — even colleagues, friends, or family members. Scammers may have already hacked into their accounts and will use the information you give them to hack your accounts, too.
Did You Receive a Fake Bank Text?
The good news is that you’re not in immediate danger if you’ve only received or replied to a scam text. However, you should still take precautions to protect your account if you’ve given scammers any information.
Here’s what to do:
- Contact your bank’s fraud department. Share what happened and ask them to close your current accounts and cards. They will help you open new ones and send you brand-new cards.
- Freeze your credit. If you gave away any sensitive information (particularly your Social Security number), initiate a credit freeze with Experian, Equifax, and TransUnion. A credit freeze will prevent scammers from taking out loans or opening any new credit lines in your name. You may also want to set up continuous credit monitoring to catch other criminal activity.
- Report the scam. You should report unwanted calls or texts to the Federal Trade Commission (FTC) at DoNotCall.gov and file a complaint with the Federal Communications Commission (FCC).
- Scan your device for malware. First, disconnect your devices from your Wi-Fi and mobile network. Then, use antivirus software to detect and eliminate any harmful code. You should also take this opportunity to update your devices and apps to remove any security vulnerabilities in outdated software.
- Secure your other online accounts. Scammers can use your personal information to target other online accounts. Change passwords on all of your accounts — especially your online banking profile, social media, and email — and enable 2FA whenever possible.
- Download a Safe Browsing app. These identify (and stop you from going to) malicious sites. Using a secure, reliable virtual private network (VPN) can also hide your online activity from fraudsters.
- Consider signing up for a digital security provider that offers spam protection. Aura’s all-in-one intelligent safety app includes an AI-powered assistant that can automatically block spam or scam calls and texts. Try Aura free for 14 days.
Zoom out: Block suspicious phone numbers. If you’re an iPhone user, tap the “Delete and Report Junk” option to delete a suspicious text. If you’re an Android user, touch and hold the conversation, tap “Block,” and then tap “Report spam.”
How To Protect Yourself Against Fake Bank Text Messages
Fake bank text messages are a growing threat — and engaging with them in any way can put you and your bank account at risk.
Keep your accounts safe and avoid fake bank texts by:
- Using secure and unique passwords that hackers can’t guess or use to access other accounts.
- Enabling 2FA on your accounts to add another layer of protection against cybercriminals.
- Never giving out passwords, PINs, or one-time use codes that bad actors could use to drain your bank accounts or sell on the Dark Web.
- Not clicking on links in text messages so that you can avoid installing dangerous viruses or malware onto your phone.
- Getting familiar with your bank’s shortcodes to better identify, delete, and block scam texts before you accidentally divulge any information.
Even if you take all of these precautions, scammers can still infiltrate your accounts. And you don’t want to be stuck navigating identity theft on your own.
For added protection, consider signing up for Aura’s award-winning intelligent safety solution.
With Aura, you get top-rated identity theft protection with the industry’s fastest fraud alerts,3 AI-powered spam and scam call/text protection, a full suite of digital security tools for your cell phone and computer, 24/7 U.S-based White Glove Fraud Resolution support, and $1 million in identity theft insurance — all for a low monthly membership.