Scam Alert

How to Spot a Fake Bank Text Before It Fools You

Scammers send millions of texts every day that look exactly like messages from real banks. The difference between spotting one and falling for one often comes down to knowing three specific things to check.

🗓 May 10, 2026

📖 8 min read

✍️ Senior Researcher Margaret

Your parent’s phone buzzes. The message reads: “Chase Bank Alert: Unusual sign-in detected on your account. Your access has been temporarily limited. Tap here to verify your identity and restore access.” It looks official. It came from a number labeled “Chase.” And it’s completely fake.

This is the fake bank text scam — also called a bank impersonation smish — and it is currently one of the most reported and most financially damaging scam types reaching older adults. According to the FTC, consumers lost $470 million to text scams in 2024, more than five times what was reported in 2020. Fake bank alerts are among the top performing lures in that category, precisely because they combine the authority of a trusted institution with the urgency of a financial emergency.

This guide shows you exactly how these texts are constructed, what specific details to look for, and what to tell your parent the moment one lands on their phone.

📌 Quick definition: A fake bank text scam (also called “smishing” — SMS phishing) is a fraudulent text message designed to look like it came from your bank. The goal is always the same: get you to click a link, call a fake number, or hand over account credentials or personal information.

How Big the Fake Bank Text Problem Really Is

Text scams have grown faster than almost any other fraud category. Understanding the scale helps explain why a single unconsidered tap can be so costly.

$470M Lost to Text Scams Reported to FTC in 2024 — 5x the amount lost in 2020

35% Of All Phishing Smishing now accounts for 35% of all phishing attacks globally (2025)

$1,000 Median Senior Loss Adults in their 70s lose a median of $1,000 per fraud incident — 2x younger adults

40% Year-Over-Year Growth Smishing attacks grew 40% year-over-year through 2025, per security research

The numbers that matter most for your parent aren’t the aggregate totals — they’re the per-victim figures. Adults in their 70s reported a median fraud loss of $1,000 per incident to the FTC in 2024, compared with $417 for adults in their 20s. For business impersonation scams — the category that includes fake bank alerts — losses of $10,000 or more increased more than fourfold among older adults between 2020 and 2024. The FTC’s data shows that when these scams succeed against older victims, the amounts involved are far larger than most people realize.

“The seismic growth of reported fraud continues unabated. The impact on older adults is often catastrophic.” — Kathy Stokes, Director of Fraud Prevention Programs, AARP Fraud Watch Network

What a Fake Bank Text Actually Looks Like

Below is a typical fake bank text scam message — the kind that reaches millions of phones every day. Every element is deliberate. Reading it with annotations makes the manipulation visible.

🏦

Chase Bank

Today, 9:14 AM

ALERT: Unusual sign-in detected on your Chase account from an unrecognized device. Your account has been temporarily limited.

To restore full access, verify your identity within 24 hours:
chase-secure-verify.com/auth?id=7842

🚩 SENDER NAME: Scammers spoof the display name — “Chase Bank” is not proof the text came from Chase. Any number can be labeled anything.

🚩 URGENCY + DEADLINE: “24 hours” is manufactured pressure designed to stop you from pausing to verify. Real banks do not threaten account closure by text.

🚩 FAKE LINK: “chase-secure-verify.com” is not Chase’s domain (chase.com). Scammers register convincing-looking URLs specifically for this purpose.

Three structural elements appear in virtually every fake bank text: a claim of suspicious or unauthorized activity, a time-limited threat to the account, and a link or callback number that routes to the scammer. None of these elements are how real banks communicate genuine security concerns.

What Happens After the Tap

The text is only the first contact. What follows depends on which path the scammer has set up — and each one leads to the same destination.

Step 1 — The Tap

The victim clicks the link in the text

The link leads to a near-perfect replica of the bank’s real website — same logo, same color scheme, same layout. A login form asks for username and password. Some variants also ask for the full account number and the last four digits of the Social Security number “for verification.”

Step 2 — The Harvest

Credentials are captured instantly

Everything typed into the fake form is sent directly to the scammer in real time. Within minutes, they attempt to log into the real bank account using the captured credentials. Some sites also install malware on the device that continues harvesting passwords and banking apps in the background.

Step 3 — The Callback Variant

Or: the victim is told to call a fake number

Some fake bank texts skip the link entirely and include a phone number to call. A person answers and poses as a bank fraud specialist. They walk the victim through “securing” the account — which actually involves reading out account numbers, routing numbers, and two-factor authentication codes, giving the scammer live access.

Step 4 — The Transfer

Funds are moved before anyone realizes

Once inside the account, scammers move quickly. Wire transfers, peer-to-peer payment apps, and cryptocurrency purchases are executed within hours. The FTC confirms that bank transfers are the most common payment method in high-loss scams — and one of the hardest to reverse. Recovery rates for wire fraud are extremely low.

Real Bank Text vs. Fake Bank Text: The Exact Differences

This table covers what legitimate banks actually do and do not do by text — so your parent has a clear reference before the next message arrives.

What the text does	Real Bank Text	Fake Bank Text
Contains a clickable link	✓Links go to the bank’s official domain only (e.g., chase.com, bankofamerica.com)	✗Links go to lookalike domains (e.g., chase-secure-verify.com, alert-bofa.net)
Asks for password or PIN	✓Never. Real banks never request passwords via text under any circumstances	✗Always. The form or fake rep will request credentials to “verify identity”
Threatens account closure	✓No — real alerts inform you of activity, they do not threaten deadline consequences	✗Yes — “your account will be closed in 24 hours” is a manufactured pressure tactic
Asks you to call a number in the text	✓No — official bank numbers are on the back of your card and the bank’s website, not in alerts	✗Yes — the number routes to a scammer posing as a fraud specialist
Requests Social Security number	✓Never via text. Identity verification happens through secure authenticated channels	✗Common — “last 4 of your SSN” is used to either steal identity or build false trust
Comes from a short code or your saved number	✓Legitimate alerts often use registered short codes (5–6 digit numbers) you have saved	✗May spoof the display name or use a random long number mimicking a local area code

The Seven Red Flags — Print This for Your Parent

These are the specific signals that separate a fake bank text from a real one. Every signal can be checked in under thirty seconds before taking any action.

Frequency of Red Flags in Confirmed Fake Bank Text Scams

Urgent deadline or threat

97%

Link to non-bank domain

93%

Request for password or PIN

84%

Unfamiliar or spoofed number

76%

Request for SSN or full account number

61%

Grammar errors or unusual phrasing

52%

Callback number embedded in text

44%

Source: Red flag frequency estimates based on FTC consumer alert guidance, FCC smishing advisories, and documented fake bank text case patterns. Figures are illustrative of pattern prevalence across reported incidents, not a single controlled study.

💡 The fastest check: Look at the link domain — not the display text, the actual URL. If it contains anything other than the bank’s official domain (e.g., chase.com, wellsfargo.com, bankofamerica.com), it is a scam. Do not tap it. Do not call any number in the text. Open the bank’s app directly or call the number on the back of the card.

Exactly What to Do When the Text Arrives

🛑

Step 1

Stop — Do Not Tap

Do not click any link or call any number in the text. Close the message.

→

🔍

Step 2

Check the Link Domain

Press and hold (don’t tap) the link to preview the URL. Is it the bank’s real domain?

→

📱

Step 3

Open the App Directly

If concerned about the account, open the bank’s official app or website — never via the text link.

→

📣

Step 4

Report and Delete

Forward to 7726 (SPAM) to report to your carrier. Report to the FTC at ReportFraud.ftc.gov.

Two Texts, Two Outcomes

Here is what these four steps look like in practice — and what happens without them.

Fake Alert — Spotted in Time

Text:“Wells Fargo Alert: Suspicious charge detected. Tap to review or your card will be suspended.”

Action:She presses and holds the link. The URL says “wfargo-alerts.net” — not wellsfargo.com. She opens the Wells Fargo app directly and sees no alerts. She deletes the text and forwards it to 7726.

Fake Alert — Clicked Without Checking

Text:Same message, same urgency. The display name says “Wells Fargo.”

Outcome:He taps the link and enters his username and password on what looks like the bank’s login page. Within two hours, $3,800 is transferred out of his account via Zelle. The money is gone.

Callback Variant — Recognized and Stopped

Text:“Bank of America Fraud Dept: Unauthorized wire transfer detected. Call us immediately: 1-800-555-0192.”

Action:She remembers the rule — never call a number from a text. She finds the real Bank of America number on the back of her card. No fraud on the account. The text number was a scammer’s call center.

Callback Variant — Called the Fake Number

Text:Same message. He calls the number. A professional-sounding “fraud specialist” walks him through “securing” his account.

Outcome:The specialist requests his account number and the two-factor code texted to his phone. The scammer uses both to authorize a wire transfer. He loses $6,200.

Your Parent’s Fake Bank Text Checklist — Save This

Print this checklist or share it by text with your parent. It covers every step from receiving a suspicious message to reporting it.

Fake Bank Text — What To Do Right Now

🛑

Do not tap any link or call any number in the text

This is the single most important rule. Even previewing the link (without tapping) on some older phones can trigger a download. Close the message first.

🔍

Check the URL domain before doing anything else

On most phones, pressing and holding a link previews the URL without opening it. If the domain is anything other than the bank’s official address, it’s a scam — regardless of what the display text says.

📱

Go directly to your bank — through the app or the card

Open the bank’s official app yourself, or call the number printed on the back of your debit or credit card. Never use contact information provided in the suspicious text.

⚠️

Remember: real banks never ask for passwords or PINs by text

No legitimate fraud alert will ever ask you to confirm your full password, PIN, or Social Security number via a text message link or a phone call prompted by a text. That request alone confirms it is a scam.

📣

Report it — two simple ways

Forward the text to 7726 (spells SPAM) — all major US carriers accept this and use it to block scam numbers. Also file a report at ReportFraud.ftc.gov. Your report helps stop the same scam from reaching others.

🔒

If you already clicked: act immediately

Call your bank directly using the number on your card — not any number you find online after clicking the link. Freeze your card, change your online banking password, and ask the bank to flag your account for monitoring. Time matters: the faster you act, the better the chance of stopping or reversing a transfer.

📰

Stay current on new fake bank text variants

Scammers update their messages constantly — switching bank names, adjusting the urgency language, and rotating link domains. A weekly alert that tracks new smishing variants is the most reliable way to recognize the next one before it lands.

Frequently Asked Questions

What is a fake bank text scam and how does it work?

A fake bank text scam — also called bank smishing — is a fraudulent text message designed to look like an official security alert from your bank. The message typically claims there has been suspicious activity on your account and instructs you to click a link or call a number to verify your identity. Both paths lead to the scammer: the link goes to a fake login page that captures your credentials, while the phone number connects you to a fraudster posing as a bank representative who will walk you through handing over account access.

How can I tell if a bank text message is real or fake?

The fastest check is the link domain: press and hold the link (without tapping it) to preview the URL — if it contains anything other than the bank’s official domain (such as chase.com or wellsfargo.com), it is a scam. Two other reliable signals are a time-based threat (“your account will be suspended in 24 hours”) and any request for your password, PIN, or Social Security number, neither of which real banks ever request via text. When in doubt, do not interact with the text at all — open the bank’s app directly or call the number on the back of your card.

What should I do if my parent received a fake bank text?

If they have not clicked anything, tell them to delete the text and forward it to 7726 (SPAM) to report it to their carrier, then file a report at ReportFraud.ftc.gov. If they did click the link or provide any information, act immediately: call the real bank using the number on the back of their card (not any number found in the text or through a search after clicking the link), ask the bank to freeze the account and flag for fraud monitoring, and change the online banking password. The faster these steps happen, the better the odds of stopping a transfer.

Margaret — Senior Researcher, Family Scam Shield

Margaret tracks emerging fraud tactics targeting older adults and their families, with a focus on AI-enabled voice scams, impersonation fraud, and practical low-tech countermeasures. Her research draws on FTC, FBI IC3, AARP, and McAfee data.

Sources

Federal Trade Commission — New FTC Data Show Top Text Message Scams of 2024; Overall Losses to Text Scams Hit $470 Million. April 2025. ftc.gov
Federal Trade Commission — False Alarm, Real Scam: How Scammers Are Stealing Older Adults’ Life Savings. August 2025. ftc.gov
AARP / Christina Ianzito — $12.5 Billion Lost to Scams and Fraud in 2024, Older Adults Hit Hard. March 2025. aarp.org
Federal Trade Commission — FTC Issues Annual Report to Congress on Agency’s Actions to Protect Older Adults. December 2025. ftc.gov
Axis Intelligence — Phishing Statistics 2026: Email, SMS & Social Attacks. 2026. axis-intelligence.com

Know the Next Scam Text Before Your Parent Gets It

Family Scam Shield sends a plain-language weekly alert covering the exact scam texts and calls targeting families right now — including new fake bank alert variants and the specific domains scammers are currently using.

✅ Weekly briefings in plain language — no jargon, no tech knowledge needed
✅ Real-time alerts on new smishing and fake bank text variants
✅ Easy-to-share summaries you can forward to your parent in one tap

Start My Free 10-Day Trial

Cancel anytime.