Security Basics

That Text From Your Bank Is Probably Not From Your Bank

Video coming soon!

You get a text: "Your account has been locked. Click here to verify." It looks official. It might even have your bank's name right in the message. Your stomach drops a little, and your thumb is already moving toward the link before you've really thought about it.

That reaction is exactly what the scam is counting on.

The One Rule That Cuts Through Almost All of These

Here's the single most useful thing to know: real banks almost never ask you to click a link in a text message to fix something urgent. If there's an actual problem with your account — a real security hold, real suspicious activity — banks are built to have you log in directly through their app or their official website, not through a link that showed up in a text from an unknown number. That's not a coincidence or an old-fashioned habit on their part. It's because banks know links in text messages are exactly how this scam works, and they design their real communications to avoid looking like one.

So if a text is telling you to tap a link right now to fix something urgent with your account, that instruction itself is the biggest red flag in the whole message — more telling than typos, more telling than a slightly-off phone number, more telling than anything else.

Why This Scam Works So Well

This type of scam has a name — smishing, short for SMS phishing — and it's become one of the most effective tools scammers have, precisely because it exploits how differently we treat text messages compared to email. Most people have learned, at least a little, to be suspicious of email links. Text messages haven't earned that same instinct yet. They feel personal, immediate, and trustworthy in a way email doesn't — which is exactly why they work. Industry research has found smishing links get clicked at dramatically higher rates than the same kind of scam sent by email, sometimes by a factor of ten.

It's not a small-scale problem, either. U.S. consumers reported nearly half a billion dollars in losses tied to scam text messages in a single recent year — more than five times what was reported just a few years earlier. Fake bank alerts are consistently one of the most commonly reported categories, right alongside fake delivery notifications. Scammers specifically favor banking messages because the fear of losing access to your own money is one of the fastest ways to get someone to stop thinking clearly and just act.

The Playbook Is Almost Always the Same

These messages are built around urgency, because urgency is what stops people from pausing to think. You'll see phrases like "account locked," "suspicious activity detected," "verify immediately," or "unusual login attempt." The message is designed to create a small jolt of panic and offer an immediate, one-tap fix for that panic — the link. That combination is deliberate. A calm, rational moment is the enemy of this scam; a rushed, anxious one is exactly what it's built for.

Sometimes these texts will even get details right — a portion of a real bank's name, a logo-like format, occasionally even the last few digits of a real card number pulled from a previous data breach. None of that means it's legitimate. Scammers increasingly build in just enough real-looking detail to get past your first instinct to doubt it.

The Safe Move, Every Single Time

Don't click the link. Not "probably don't" — don't. Instead:

  • Open your banking app separately, the same way you always do, not through the link in the text.
  • Or call the number on the back of your physical card — not a number provided in the text message itself, since scammers will happily give you a fake "customer service" number that connects you straight to them.

If there's a real issue with your account, you'll see it the moment you log in through your normal, trusted method. If there's nothing there, you've just confirmed the text was fake — and it cost you nothing but thirty seconds.

A Few Other Quick Signs Worth Knowing

  • The sender is an unfamiliar number, sometimes a short code, sometimes a regular-looking phone number — banks' real alert systems are usually consistent, so if this looks different from texts you've gotten from them before, that's worth noticing.
  • The link itself looks slightly off — a shortened URL, or a web address that's close to your bank's name but not quite right (an extra word, a different ending, unusual characters).
  • It asks you to "reply" with personal information directly in the text — account numbers, PINs, verification codes. A real bank will never ask you to text sensitive information back.

The Short Version

If a text message claiming to be your bank is urging you to click a link to fix something right now, treat that as the scam itself — not a real emergency. Real banks route urgent issues through your app or their website, not unsolicited text links. The fix is simple and takes less time than the panic does: don't click, open your banking app on your own, or call the number on the back of your card. If it's real, you'll see it there too.

Not sure if a text you received is legitimate? Request help and we'll help you check it out safely.

Was this helpful?

Not sure if something you received is legit?

Send a screenshot or description and get a straightforward answer.

Request Help
Need tech help? Request Help