Warning released over fake TSB and HSBC ‘smishing’ texts – here’s how to spot them

Warning released over fake TSB and HSBC ‘smishing’ texts – here’s how to spot them
Smishing is when fraudsters obtain personal details of a victim via SMS text messages (Photo: Shutterstock)

Smartphone users should keep an eye out for text messages from scammers posing as well-known banks, according to Action Fraud.

The fraud and cyber reporting centre says it has seen instances where fraudsters have pretended to be from a victim’s bank in order to try and defraud them.

“Most recently, we put out an alert about fraudsters sending out fake text messages and phishing emails claiming to be from TSB, though we have seen in the past messages from fraudsters purporting to be from other banks, including HSBC,” said Tom Keating, Media and Communications Officer for Action Fraud.

“This type of fraud is known as smishing.”

What is ‘smishing’?

Smishing is when fraudsters obtain personal details of a victim via SMS text messages. Scammers can go on to use this personal information to commit fraud.

What the scam messages look like

A recently received text from someone posing as HSBC included the following message: “We’ve placed temporary restrictions on your account for added security. Follow the secure link to lift your restrictions.”

An example of a smishing message
An example of a smishing message

A clickable web link was included at the end of the message.

Sent from an unknown mobile number, the dramatic wording of this message is intended to worry the recipient into clicking the link. Once clicked, the link may download malware onto your device, or take you to a website that will ask for personal details that could be used to defraud you.

How to protect yourself

Don’t assume an email or text is authentic.

Always question uninvited approaches in case it’s a scam. Phone numbers and email addresses can be spoofed, so always contact the company directly via a known email or phone number (such as the one on the back of your bank card).

Clicking on links or files

Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.

Report it

If you think you have received a phishing email or text, report it to Action Fraud using the online reporting tool.