By clicking a retailer link you consent to third-party cookies that track your onward journey. This enables W? to receive an affiliate commission if you make a purchase, which supports our mission to be the UK's consumer champion.

Warning: fraudsters are impersonating credit card firms in new text scam

New warning issued on 'smishing' scams
Stefanie Garber

If you receive an unsolicited text message fromyour credit card provider, think twice before hitting reply- it might be a scam, the police's fraud bureau has warned.

ActionFraud has issued an alert about 'smishing', where scammers seektostealyour credit card details via SMS. According to the warning, the National Fraud Intelligence Bureau - part of the City of London Police - has received multiple new reports of criminals impersonating credit card providers in text messages to consumers.

The warning comes days after Financial Fraud Action UK revealedcontactless card fraud had soaredby 150% in the past year.

'Smishing' can be hard to spot - but our tips can help you identify potential scams and take action to protect yourself.

Find out more: How to spot a scam

What is 'smishing'?

'Smishing' is short for phishing scams by SMS.

In a typical 'smishing' attack, a fraudster will send you a text message claiming to be your credit card provider or bank. Often, the text will say a transaction has taken place and ask you to confirm it by texting back 'Y' or 'N'.

Responding in any way can make you vulnerable, because it confirms that yourmobile phone number is active.The scammers will then follow up by asking to confirm your credit card details, CCV number (the last three digits on the back of your card) or other personal information.

Once armed with these details, the criminals can go on a spending spree, with you footing the bill. Both smartphones and analogue phones can be targeted.

Credit card fraud on the rise

In a recent report from Financial Fraud Action UK, 'smishing' was identified as a key contributor to the increase in remote purchase fraud, where stolen credit card details are used to make purchases online or over the phone.

Last year alone, cases of remote purchase fraud rose by 20%, with more than 1.43 million victims across Britain. Overall, consumers lost £432m to this type of fraud in 2016.

The report also identified a rise in contactless card fraud. Around £6.9 million were stolen in 2016 on contactless cards, up from £2.8 million in 2015.

Find out more:Are contactless cards safe?

How to protect yourself from 'smishing'

'Smishing' scams can be sophisticated, closely resembling legitimate messages from well-known banks or credit card providers. But you can take steps to avoidfalling prey to these tactics.

  • Be wary of unsolicited text messages: Ifa financial provider contacts you out of the blue, proceed with extreme caution.An unsolicited message - whether text, email or letter - is often a sign of a scam, especially if it asks for personal information. If your bank does need to contact you, they will generally ask you to call their customer service centre rather than seeking an answer on the spot.
  • Call your financial institution for confirmation:Any time you receive a message claiming to be from your bank or credit card provider, always call their customer service centre to confirm its validity. When calling, use the number on the back of your credit card or your bank statement, so that you can be sure you're getting through to the real company.
  • Check for inaccuracies or spelling mistakes: While mistakes can happen, financial firmsrarely issue messages with spelling and grammar errors. Scammers sometimes use bad English on purpose to ensure that only the most vulnerable people take their bait. At the same time, 'smishing' messages may look identical to official communications - don't assume you're safe just because the spelling is correct.
  • Don't respond if an SMS seems fishy: Any response to a smishing message may confirm that your mobile number is active, potentially exposing you to future scam attempts. If you think there is any chance the message may be fraudulent, don't text back at all
  • Report scams to the police:If you believe you've received fraudulent text message, report it to the Action Fraud athttp://www.actionfraud.police.ukor alternatively by calling 0300 123 2040

Find out more:How to report a scam

More on this

Related articles

About Us

Which? Limited is registered in England and Wales to 2 Marylebone Road, London NW1 4DF, company number 00677665  and is an Introducer Appointed Representative (FRN 610689) of the following:


1. Inspop.com Ltd for the introduction of non-investment motor, home, travel and pet insurance, who are authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635). Inspop.com Ltd is authorised and regulated by the Financial Conduct Authority (FCA) to provide advice and arrange non-investment motor, home, travel and pet insurance products (FRN310635) and is registered in England and Wales to Greyfriars House, Greyfriars Road, Cardiff, South Wales, CF10 3AL, company number 03857130. Confused.com is a trading name of Inspop.com Ltd. 


2. LifeSearch Partners Limited (FRN656479), for the introduction of Pure Protection Contracts and Private Health Insurance, who are authorised and regulated by the FCA to provide advice and arrange Pure Protection Contracts and Private Health Insurance Contracts.  LifeSearch Partners Ltd is registered in England and Wales to 3000a Parkway, Whiteley, Hampshire, PO15 7FX, company number 03412386.


3. HUB Financial Solutions, for the introduction of equity release advice and an annuity comparison service, who are authorised and regulated by the Financial Conduct Authority (‘FCA’) to provide advice and guidance on financial products for those who have retired or are approaching retirement (FCA Firm Reference Number: 455713). HUB Financial Solutions is registered in England and Wales to Enterprise House, Bancroft Road, Reigate, Surrey RH12 7RP, company number 05125701.


4. Alan Boswell Insurance Brokers Ltd (FRN 301), for the introduction of non-investment landlord insurances, who are authorised and regulated by the Financial Conduct Authority to provide advice and arrange insurance contracts. Alan Boswell insurance brokers Ltd is registered in England at Prospect House, Rouen Rd, Norwich NR1 1RE, company number 02591252.


Other financial services:

Mortgage service provided by London & Country Mortgages (L&C), Unit 26 (2.06), Newark Works, 2 Foundry Lane, Bath BA2 3GZ. London & Country are authorised and regulated by the Financial Conduct Authority (registered number: 143002). The FCA does not regulate most Buy to Let mortgages. Your home or property may be repossessed if you do not keep up repayments on your mortgage.


We do not make, nor do we seek to make, any recommendations or personalised advice on financial products or services that are regulated by the FCA, as we’re not regulated or authorised by the FCA to advise you in this way. In some cases, however, we have included links to regulated brands or providers with whom we have a commercial relationship and, if you choose to, you can buy a product from our commercial partners. 


If you go ahead and buy a product using our link, we will receive a commission to help fund our not-for-profit mission and our campaigns work as a champion for the UK consumer. Please note that a link alone does not constitute an endorsement by Which?.