Thousands of Santander customers are being told NOT to click on a text apparently sent by the bank within the past few days.
Staff are warning it is a scam even though the message, which claims that they have detected “suspicious activity”, is appearing in the bank’s own feed on people’s phones.
The bank says those carrying out the scam are carrying out “number spoofing”.
The text reads: “We have detected suspicious activity on your account. Please verify via the secure link to prevent account lockout.”
It includes a link to a page that looks very like the official Santander one – but is in fact part of a sophisticated ‘smishing’ con.
But the bank are warning: “Have you received a message like this pretending to be from Santander? If so, do NOT click the link – it is a scam.
“Remember, never enter your Online Banking details after clicking on a link in an email or text message.”
Smishing is a security attack in which the user is tricked into downloading a trojan horse, virus or other malware onto his cellular phone or other mobile device. Smishing is short for “SMS phishing.”
A spokeswoman said: “We became aware on the evening of March 7th that a number of Santander customers had been targeted by scammers – who had sent them fake SMS messages.
“We have an ‘always on’ approach to communicating with customers reminding them that we would never ask them to click on a link in a text message or email.
“Unfortunately scammers are becoming increasingly sophisticated, and targeting customers of many banks and payment companies.
“This text message was an attempt to dupe customers into revealing key information that could allow the scammers to access their accounts.”
Customers calling the bank by phone are told not to click on the link or enter details. Those that have are told to speak to one of the bank’s specialists.
They also reissued the following advice: