Fake Bank and Government Messages: The Email and SMS Scam

An urgent email from your bank announces the imminent suspension of your account. A text message from the NHS (UK) or a health insurance provider (US) promises you an unexpected refund. These communications, which look official, are often sophisticated fraud attempts aimed at stealing your personal information or money. Known as phishing by email or smishing by SMS, this technique is one of the most widespread on the internet. It’s a threat that exploits the trust we place in institutions to create a sense of urgency or the lure of a reward, pushing us to act without thinking. Understanding its mechanisms and knowing how to identify the warning signs is essential to protect your data and your finances.

What are phishing and smishing?

Phishing is a fraudulent technique that involves impersonating a trusted third party to obtain personal information. Cybercriminals send emails that perfectly mimic those from well-known organisations: banks, tax authorities (like HMRC in the UK or the IRS in the US), social security services, energy suppliers, or even e-commerce sites. Smishing is simply the version of this scam that uses SMS text messages as its communication channel. In both cases, the ultimate goal is the same: to trick you into clicking on a malicious link or opening a booby-trapped attachment.

These messages play on powerful psychological triggers to bypass your vigilance. They often use alarming or enticing pretexts to push you into immediate action.

• Your account security: “A suspicious login has been detected,” “Your account is about to be blocked,” “Please confirm your details for security reasons.”
• An administrative issue: “Your latest bill is unpaid,” “Your health insurance card needs updating,” “Your parcel could not be delivered.”
• The lure of a reward: “You are entitled to a tax refund,” “A payment has been made in your favour,” “You have won a prize draw.”
• Compliance requirements: “New regulations: update your customer file,” “Your security software is out of date.”

Once you click the link, you are redirected to a fake website, a near-perfect copy of the official site, where you will be asked to enter your usernames, passwords, bank card numbers, or other confidential data.

How to recognise a fraudulent message?

Even though scammers are perfecting their methods, several clues can help you uncover the deception. The key is to remain calm and methodically analyse the message before taking any action. A careful inspection will almost always reveal anomalies.

The sender’s address: the first clue

This is the most important reflex to have. In an email, don’t trust the display name, which can be easily spoofed. Look at the full email address. Scammers use addresses that look like real ones but contain subtle variations. For example, `customer-service@barclays-support.co.uk` instead of `…@barclays.co.uk`. For text messages, be wary of unknown numbers or sender names that can be faked. Government agencies rarely use standard mobile numbers for their official communications.

A sense of urgency and threats

Fraudulent messages try to make you panic. They contain phrases like “immediate action required,” “without a response from you within 24 hours,” or “your account will be permanently closed.” A legitimate institution will never put you under such pressure via email or SMS to obtain sensitive information. Official procedures follow secure communication channels and always allow a reasonable time for response.

Spelling and grammar mistakes

Although less and less common, this is still a good indicator. Many phishing messages are automatically translated or written in a hurry. Grammar mistakes, incorrect verb tenses, or awkward phrasing should immediately arouse your suspicion. An official communication from a major bank or government agency is usually proofread and approved, and therefore free of such errors.

Suspicious links and attachments

Never click blindly on a link. On a computer, hover your mouse over it (without clicking) to display the real destination URL in the bottom corner of your browser. If the address that appears is strange, full of numbers, or doesn’t match the organisation’s official website, it’s a scam. Also be wary of attachments, especially if you are not expecting one. They can contain malware (viruses, ransomware) designed to infect your device. Formats like `.zip`, `.exe`, or even Word documents with macros are particularly risky.

Lack of personalisation

An authentic message from your bank or a government agency will usually address you using your full name. An email that starts with a vague salutation like “Dear customer,” “Hello,” or “Dear user” is suspicious. However, be aware that some more targeted attacks (spear phishing) may contain your personal information, obtained from previous data breaches. The presence of your name is therefore not an absolute guarantee of authenticity.

What should you do if you receive a suspicious message?

The right reaction is caution and inaction. Don’t give in to panic and follow a simple procedure to protect yourself and help fight these scams.

• Do not click on any links or open any attachments.
• Never reply to the message. This would confirm to the scammers that your email address or phone number is active.
• Delete the message from your inbox and your deleted items/trash folder to avoid any accidental interaction later.
• Report the scam attempt. For emails, you can report them to the National Cyber Security Centre (NCSC) (UK) or the Federal Trade Commission (FTC) (US). For text messages, forward them for free to 7726. You can find more information on the NCSC website (UK) or the FTC website (US).
• Contact the organisation concerned through an official channel if you have any doubts. Do not use the contact details provided in the suspicious message. Go to the official website using a search engine, use the mobile app, or call the phone number that appears on your official documents (bank statement, etc.).

What if you’ve fallen into the trap?

If you have clicked on a link and provided information, it is crucial to act quickly to limit the damage. The speed of your reaction can make all the difference.

Follow these steps without delay:

• Immediately change the password for the account concerned (bank, email, etc.) and for any other sites where you use the same password.
• Block your bank card. Contact your bank without delay to block your card and report the fraudulent transaction. Most banks offer a 24/7 service for this.
• Monitor your accounts very closely in the following days and weeks to detect any suspicious transactions.
• File a report with the police. This is an essential step for any potential reimbursement procedure.
• Also, file an official report on the appropriate government platform: Report Fraud (UK) or the FBI’s Internet Crime Complaint Center (IC3) (US). You will find help and advice tailored to your situation there. For illegal content, you can also use portals like Report Harmful Content (UK).

Conclusion

Phishing and smishing attempts are multiplying and becoming more complex, exploiting our growing dependence on online services. The best defence remains constant vigilance and a healthy dose of scepticism towards any unexpected or alarming communication. Remember that no reputable bank or government agency will ever ask you to provide confidential information like your password, full bank details, or a security code by email or text message. By adopting the right habits and knowing how to react, you will significantly reduce the risk of becoming a victim.

To learn more, we invite you to consult our comprehensive guides on online protection. Discover how to protect yourself against all forms of scams and the key points to follow to browse safely.

• Fraud, Scams, and Swindles: How to Protect Yourself and React!
• The Key Steps to Avoid Most Online Scams!

Article by : René Ronse | Review guidelines | Review consultants
About the author: René Ronse, manager of ArnaqueOuFiable.com. Expert in consumer cybersecurity, specialist in detecting online fraud, product transparency, and digital compliance. He has over 20 years of experience analyzing hidden subscription mechanisms, unreadable terms and conditions, aggressive sales tactics, and deceptive commercial practices on the web.
Last updated on 4 May 2026.
This article is also available in : Français - Deutsch - Español - Italiano - Nederlands - Português