Is this bank text a scam?

Bank impersonation texts are among the most convincing scams out there. They often appear in the same text thread as your real bank messages, making them look completely legitimate. Here is how to spot the difference.

Your real bank will never ask you to confirm your full card number, PIN, or online banking password via text. Any text asking you to click a link and enter those details is a scam, even if it looks exactly like a bank message.

Red flags

Text asks you to reply with your account number, SSN, or PIN
Includes a link asking you to log in to your bank account
Claims your account will be frozen unless you respond immediately
Asks you to confirm or cancel a wire transfer by clicking a link
Callback number does not match the number on the back of your card

How bank smishing scams work

Bank Alert: Did you authorize $1,247.83 to JOHN MARTINEZ via Zelle? Reply YES or NO. If NO: https://[bankname]-secure.online/verify

Real bank fraud alerts use Reply YES/NO only — they never include a verification link. The presence of a link in a 'fraud alert' is itself the scam.

If you already clicked or paid

Change your online banking password from your bank's official website (typed directly), enable two-factor authentication, lock your debit and credit cards through the mobile app, and call the number on the back of your card to report. Watch for unauthorized Zelle transfers — these are the most common follow-on fraud after credentials are stolen.

How to verify the real thing

Major bank short codes for real fraud alerts: Chase 24273/36640, Bank of America 39872/73383, Wells Fargo 93557/54732, Capital One 80101, Citi 95686. All use Reply YES/NO — none include verification links. Verify any alert by logging into the bank's official website or app directly.

Frequently asked questions

What short codes do major US banks actually use?

Chase: 24273, 36640. Bank of America: 39872, 73383. Wells Fargo: 93557, 54732. Capital One: 80101. Citi: 95686. All ask Reply YES/NO without links.

Will my bank ever send a fraud alert with a link?

Never. All major US bank fraud alert systems use Reply YES/NO. Any text claiming to be your bank with a verification link is a scam.

What's the Zelle 'fraud reversal' scam?

Scammers posing as bank fraud agents ask you to send a Zelle to yourself to 'reverse' fraud. The Zelle goes to the scammer and is irreversible. No bank ever asks customers to Zelle themselves.

I clicked the bank scam link — am I hacked?

Not from clicking alone. The risk is whether you logged in on the fake page. If you did, change your password from the bank's site directly and enable two-factor authentication.

How do I report a bank scam text?

Forward to 7726 (SPAM) and to your bank's reporting address: phishing@chase.com, abuse@bankofamerica.com, reportphish@wellsfargo.com, abuse@capitalone.com.

Related scam guides

Last reviewed: 2026-06-23 by the ScamRadar editorial team. We update this page when scammer tactics change or when official agencies issue new guidance.

ScamRadar · Blog · Scam Database · Is It Legit? · About