Fake Bank SMS Examples — Real Scam Texts and How to Spot Them
See real examples of fake bank SMS scams targeting DBS, OCBC, UOB, Barclays, Chase, HSBC and more. Learn word-for-word how to identify them before you click.
Bank scam SMS messages are the single most reported form of fraud across Singapore, the UK, Australia, and the United States. Scammers craft these messages to be indistinguishable from real bank notifications at a glance — same sender name, same urgent tone, same branding language.
This guide shows you real examples of fake bank SMS messages, explains exactly what makes each one a scam, and tells you what to look for in any bank message you receive.
Why fake bank SMS messages are so convincing
Three technical factors make bank SMS scams unusually effective:
Sender ID spoofing — mobile networks allow anyone to set any alphanumeric string as a sender ID. A scammer can send a text that appears in your phone under "DBS" or "HSBC" — in the exact same conversation thread as real messages from your bank. Your phone has no way to distinguish them.
Urgency engineering — every fake bank SMS is written to trigger fear and panic. Account suspended. Fraud detected. Unusual activity. These phrases cause your brain to shift into crisis mode where careful reading falls away.
Legitimate-looking links — scammers register domains like dbs-secure-alert.com or hsbc-verify-online.net and build convincing login pages. Until you check the full URL carefully, they look real.
Real examples of fake bank SMS messages
The following are examples of actual scam messages that have been reported. Details have been slightly altered to avoid enabling reuse.
Example 1 — DBS Singapore fraud alert
"DBS: Unusual login detected on your account from a new device. If this was not you, click here to secure your account immediately: http://dbs-securityalert.com/verify"
Why it's fake: DBS's real domain is dbs.com.sg — not dbs-securityalert.com. Real DBS security alerts tell you to call the hotline on the back of your card, not click a link. The link uses HTTP not HTTPS.
Example 2 — OCBC account suspension
"OCBC BANK: Your online banking access has been temporarily suspended due to multiple failed login attempts. Please verify your identity to restore access: https://ocbc-id-verify.com/restore"
Why it's fake: OCBC's real domain is ocbc.com. The link goes to ocbc-id-verify.com which is a scam site. Legitimate suspensions are communicated via official app notifications or require you to call the bank directly.
Example 3 — HSBC UK payment alert
"HSBC: A payment of £2,450 has been initiated from your account. If you did not authorise this, call us immediately on 0800-XXX-XXXX or click: https://hsbc-uk-alerts.com/cancel"
Why it's fake: The phone number is not HSBC's real number. HSBC's genuine fraud line number is on the back of your card. The link domain is not hsbc.co.uk. Real HSBC alerts for disputed payments direct you to the number on your card, never a link.
FAQ
Real bank SMS messages never contain links asking you to log in. They confirm transactions or notify you of changes. Any SMS with a link asking for credentials or OTPs is fake.
Yes. Scammers spoof the sender ID to match your bank's name, so fake messages appear in the same conversation thread as legitimate ones.
No. Sender IDs like 'DBS', 'HSBC', or 'Barclays' can be spoofed by anyone. The sender name alone does not confirm legitimacy.