Scam watch: 'A very convincing banking scam - except I don't bank there'

Dear Which?,
I received a very detailed email about changes to my Club Lloyds account. It lists some rather dry-sounding changes to the account’s terms and conditions.
There’s just one hitch: I don’t bank at Lloyds. Surely it must be a scam?
Name and address supplied
Faye Lipson, Which? senior researcher, says:
These scammers have been very clever. This is a highly convincing phishing scam pegged to the recently announced and widely reported account changes to monthly fees on Club Lloyds accounts. Anyone receiving this scam and Googling to check the details will find they are indeed accurate.
Equally, Lloyds is a smart choice of target. It’s the biggest banking group in the UK and so a phishing scam sent out indiscriminately to large numbers of people is still likely to reach many Lloyds customers.
But the bizarre-looking sender address gives it away as a scam. We’ve chosen not to reveal it, but the domain (the bit after the ‘@’ symbol) is completely unrelated to Lloyds or banking.
The scam works by tricking you into clicking ‘to read the full update and FAQs’. The site this links to is now offline. However, if you had clicked this innocuous-looking text when it was live then, in all likelihood, you would be taken to a fake Lloyds login page that would rob you of your login details.
This often then sets off a cascade of terrible consequences which aren’t always immediately apparent. You might receive a call days or even weeks later, claiming to be from the Lloyds fraud team, quoting part of your password back at you to convince you, and asking you to divulge one-time passcodes you’re being sent by text or email.
In fact, this is the criminals logging in to your real bank account in real time and ransacking your funds. Scams like these are why we advise people to avoid clicking on email links, even if the subject looks harmless, as it does in this case.
It’s always better to navigate directly to the site using the known web address in your browser’s address bar to log in and/or view announcements. As criminals continue to use AI chatbots to help them generate phishing messages, we’re likely to see increasingly sophisticated examples such as this one.
What to do if you've given details to a scammer
- Contact your bank or card provider if you've lost money or shared any financial details.
- If you shared any login details, you should change the passwords on those accounts immediately.
- Be cautious of any calls, texts or emails that request you log into accounts, share further details or move money.
- Report the scam to Action Fraud, or to the police if you live in Scotland.
- Report the website to the National Cyber Security Centre.



