Action Fraud is warning of a sharp rise in scam texts and emails preying on TSB customers following the bank's IT meltdown last month.
A total of 321 complaints have been received by the UK police's dedicated fraud tracking team since the beginning of May, compared to 30 in the previous month. Over the same period, there have been 51 reports of cybercrime to Action Fraud referencing TSB, compared to 24 in the month before.
Worryingly, this has overloaded TSB's fraud hotline. We've heard from distraught victims who have seen life-changing amounts of cash emptied from their accounts and were then forced to wait hours on hold for help, including one Which? member who has seen £10,000 disappear from her account.
Which? explains what to watch out for and how to keep safe.
We've seen a deluge of examples of these scam messages on Twitter, with many non-TSB customers raising the alarm.
But inevitably these scams are hitting the mark and causing confusion for real TSB customers.
A 'spoof' text message involves a fraudster disguising a message with the name of a bank or other genuine business.
The scams are particularly effective at fooling victims because of the way smartphones group messages which claim to come from the same source.
So if you already have genuine texts from TSB on your phone and a fraudster sends a message as 'TSB', your phone will automatically include it under the real ones, making it harder to tell it's a scam.
One convincing example we've seen is a spoof text that genuinely appears to be from TSB and is being added to existing TSB message threads on victims' phones.
It says: 'Hello, TSB here. Use password 751540. Didn't request this? Please call us on 03459758758'. The text is almost identical to the messages that TSB genuinely sends about logging into your account, making the scam extremely convincing.
The number is 'spoofing' TSB's sender ID, which allows it to be grouped with other TSB messages. It's also spoofing a genuine TSB phone number, but those who click the link end up ringing a scammer.
On the call, the scammer is likely to ask for your internet banking user ID, full name, and date of birth - which is all the information they need to reset your password.
This will generate a genuine text, with a genuine One Time Password (OTP) code, which the scammer will convince you to share with them, giving them free rein to empty your account.
The information needed to initiate this sort of scam has led some to ask if TSB has experienced a data breach.
During the IT debacle, as well as thousands of customers being locked out of their online accounts, some were able to see the details of other customers' balances and payments when they logged on.
However, TSB insists there has been no data breach and customer details are safe.
A TSB fraud spokesperson said: 'While our systems are safe and secure, unfortunately, fraudsters are increasingly sophisticated and looking to take advantage of situations like these by approaching customers.
'Protecting our customers' information is our number one priority. We are doing all we can to ensure customers don't become a victim of fraud, whether they bank with us in branch, online or via the telephone and this is something we are working on with Action Fraud and a number of external organisations.
'We are also working with these organisations to help them identify fraudulent sites so we can take them down as quickly as possible.'
TSB's fraud services seem to be buckling under the pressure as fraud victims have been left on hold when trying to report what's happened to them.
Which? member Pat Durham, from Nottinghamshire, thought something was suspicious when she got locked out of her TSB online banking two weeks ago. She went into a branch the same day and found that someone had accessed her account and managed to empty nearly £10,000 in various transactions.
The retired teacher, 64, told Which? Money she had not received any suspicious emails or texts claiming to be from TSB so has no idea how the fraudsters were able to access her account.
But she found it nearly impossible to get through to the TSB fraud team once she had discovered the life-changing sum of money had been stolen and on one day was left waiting three hours on the fraud hotline in her local branch.
When she got through, she was not given any idea whether the cash would be repaid or when she could get back into her account.
Mrs Durham has since been refunded an arbitrary £8,000, which is £2,000 short of what she lost. The refund came out of the blue and with no communication from TSB, leaving her confused and worried.
We asked TSB what it's doing to help fraud victims facing hours of waiting to speak to an adviser. A spokesperson said: 'We apologise for the long wait times that customers may be experiencing. We've put in additional resources to help customers with their enquiries and we are working hard to improve call wait times.'
Banks do not have to refund fraud victims if they can prove a customer shared sensitive information like user IDs, PINs or passwords.
However, some are calling for TSB to shoulder some of the responsibility as fraudsters capitalise on the bank's very public IT problems, which have left customers more vulnerable to falling for these cons.
Gareth Shaw, Which? Money expert, said: 'TSB customers will be looking for immediate answers to some big questions. Not only have they endured last month's IT shambles, but they now find themselves more vulnerable to fraudsters who have capitalised on the meltdown.
'The bank has a long way to go to restore its customers' trust and must take into consideration the additional consequences of its IT glitch when dealing with complaints of fraud.'
We asked TSB if it would treat customers who have fallen victim to fraud differently given the circumstances. A spokesperson said: 'If customers have been a victim of fraud as a direct result of our recent IT issues they won't be left out of pocket.'
This statement doesn't confirm, however, whether or not customers who fall victim to scams will be refunded in full.
TSB has issued a warning to customers about the increase in bogus emails, texts and tweets phishing for information.
The bank has sent customers emails and updated its site with information about how to keep safe and on how to spot when a communication isn't from them.
Here are ten things it says it would never ever do:
You should always question unsolicited texts, calls, emails and tweets claiming to be from TSB.
Phone numbers and email addresses can be made to look authentic, so always contact TSB directly via a known email or phone number, such as the one on the back of your bank card.
Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.