Barclays Scam Texts: How to Spot a Fake Barclays SMS (UK)
Scammers are sending fake Barclays bank texts to UK customers—here's exactly how to tell if a message is genuine.
What a fake Barclays text looks like
A Barclays scam text is a smishing message designed to look like a bank security alert so you tap a link and give away online-banking details, card details, or a one-time passcode. An example of the style is: Barclays: A new payee was set up on your account today. Not you? Cancel here: barclays-id-check.example. The trigger varies - a new payee, a Direct Debit, a blocked card, or a payment you do not recognise - but the goal is to panic you into tapping.
The link usually leads to a copycat banking page or to a form controlled by criminals. This guide shows how to spot the warning signs, verify safely, and act if you have already tapped a link or shared details.
Why the fake is so convincing
Scammers can make a text appear to come from a familiar sender name, and phones can group messages in ways that make a fake look as if it belongs with older genuine alerts. The displayed sender is not enough to prove the message is real.
The message often copies real bank-alert language, creates urgency, and offers one tap to "cancel", "verify", or "secure" the account. A genuine security check should not require you to use a text-message link to log in, share a passcode, or move money to a "safe account". If the text asks for any of that, treat it as a scam and check independently.
Signs a Barclays text is a scam
- It pressures you: a payee "added", a payment "blocked", or access lost unless you act quickly.
- It asks you to tap a link to "cancel", "verify", "secure", log in, or re-enter card details.
- The link goes to a lookalike or unfamiliar domain. Do not judge a bank text by the address alone - open the Barclays app or type the bank address yourself.
- It asks for a full password, PIN, card number, security answer, or one-time passcode.
- It tells you to move money to a new, holding, or "safe" account.
- A generic greeting can be a clue, but by text it is weaker than by email. Focus on what the message asks you to do.
- Spelling or spacing mistakes can help, but polished wording does not make a message genuine.
How the scam works
First, a text appears to be a Barclays alert about a payee, Direct Debit, blocked payment, or unusual login. Second, it pushes you to tap a link to stop the event or confirm it was not you. Third, the link opens a fake page that asks for banking details or card details. Fourth, the criminals capture what you type. Fifth, they may trigger a real one-time passcode and ask you to enter it on the fake page, giving them a way to approve a login or payment.
Finally, they try to move money, add payees, or use your details for further fraud.
The safest point to break the chain is before tapping the link.
How to check a Barclays text safely
Do not use a number or link from the text itself. Use one of these independent routes:
- Call 159. Stop Scams UK says 159 connects customers of more than 99% of UK retail bank current accounts safely and directly with their bank, and its published participant list includes Barclays.
- Open the official Barclays app and check recent activity, alerts, and secure messages.
- Type the bank address yourself, or use a bookmark you created earlier.
- Call the number on the back of your card.
Not every genuine text will necessarily appear as an in-app message. If you cannot confirm what the text claims, contact Barclays directly rather than assuming either way.
If you are unsure whether a linked website is a copycat, our guide on Is This Website a Scam? A Practical Checklist Before You Buy walks through the checks.
If you tapped the link or shared details
Act quickly. If you entered banking details, card details, or a passcode, call 159 or the number on the back of your card and say you may have been phished. Ask the bank to secure the account and check for payments, payees, or card activity you do not recognise.
Change your Barclays online-banking password or passcode only through the official app or by typing the address yourself. Change it anywhere else you reused it. If you shared card details, ask the bank to stop and reissue the card. If you downloaded anything, run a security scan and remove anything suspicious.
If you sent money by UK bank transfer on or after 7 October 2024, mandatory APP fraud reimbursement rules may apply to Faster Payments and CHAPS transfers. The PSR rules include a 13-month claim window, a maximum claim amount of £85,000, possible exclusions, and a possible excess of up to £100. Report the scam to your bank as soon as possible and keep evidence.
Consider Cifas Protective Registration at cifas.org.uk if you gave away enough personal information for identity misuse. Check your credit reports with Experian, Equifax, and TransUnion for applications you do not recognise.
If you bank elsewhere, the same checks apply — see, for example, our NatWest Scam Texts: How to Spot a Fake NatWest SMS (UK) guide.
How to report a Barclays scam text (UK)
Forward the text to 7726. The NCSC says most UK phone providers let customers report suspicious texts for free this way, so the provider can investigate and take action.
If you lost money, shared sensitive information, or were hacked, report it to Report Fraud at reportfraud.police.uk or on 0300 123 2040 if you are in England, Wales, or Northern Ireland. In Scotland, report to Police Scotland on 101.
If the same scam arrived by email, forward it to the NCSC at report@phishing.gov.uk. Tell Barclays through the app or the number on your card, and keep screenshots and a note of what happened.
Frequently asked questions
Is a Barclays text with a link always a scam?
No. A link alone is not proof either way. The safer rule is never to use a text-message link to log in, confirm details, enter a one-time code, or move money. If a message asks for that, check independently.
I clicked the link but did not enter anything - am I at risk?
The risk is lower than if you entered details, but do not continue. Close the page, do not download anything, and run a security scan if the page prompted a download. If you typed any detail or passcode, treat it as compromised and contact the bank immediately.
Can a fake Barclays text appear with real alerts?
Yes. Sender names can be misleading, and message grouping on a phone is not a reliable proof of origin. Verify through the app, 159, or the number on your card.
What number should I call to check safely?
Call 159 or the number on the back of your card. Do not call a number supplied in the suspicious text.
How do I report a Barclays text scam?
Forward the text to 7726. If you lost money or shared sensitive information, report it to Report Fraud at reportfraud.police.uk or 0300 123 2040 in England, Wales, or Northern Ireland; in Scotland, call Police Scotland on 101. Forward scam emails to report@phishing.gov.uk.