The Safe Web Guide.
Scam Alerts, Text (smishing) scams, Latest Scam AlertsMonday, April 6, 2026

The 'New Payee' Text Alert: Spotting the Urgent Bank Smishing Trap

It's 3:00 PM on a Friday. You're busy running errands or finishing up work when your phone pings. It's a text message from what appears to be your bank: 'HSBC Alert: A new payee, Mr. J. Smith, was successfully added to your account. If you did not authorize this, please call our security team immediately on 020 8123 XXXX to cancel the pending transfer of £1,200.'

Your stomach drops. You didn't add a new payee. You definitely don't want to lose £1,200. You reach for the phone to call the number in the text. Stop! This is a classic bank smishing scam. There is no Mr. J. Smith, and no money has left your account. The entire goal of this text is to trigger a 'panic response' so that you call a scammer's phone number instead of your real bank.

Why 'New Payee' Scams are So Effective

This scam works because it uses 'Micro-Targeting.' Scammers send millions of these texts. If they send a 'Santander' alert to someone who only uses 'Barclays,' the person deletes it. But if they send 50,000 texts, they are guaranteed to hit thousands of actual HSBC customers. When the name of the bank matches your own, your brain assumes the message is real.

Red Flag: The 'Direct' Phone Number

A real bank alert will never provide a 'local' or standard 07/020 phone number for you to call. They will tell you to 'log into your app' or 'call the number on the back of your card.' Scammers want you to call *their* number so they can perform a vishing scam and trick you into giving them your password.

3 Steps to Verify a Bank Alert

  1. Ignore the Text: Do not reply and do not call the number provided.
  2. Log in via the App: Open your official banking app on your phone independently. Check your 'Recent Activity' and 'Manage Payees' section. You will see that no one has been added.
  3. Use a Trusted Phone: If you are still worried, use a different phone (like a landline) to call the official bank number from their website. This ensures the scammer isn't 'holding' your mobile line open.

The '7726' Rule

Whenever you receive a suspicious text, you can fight back. Forward the message to 7726. This is a free UK service that allows all major mobile networks to identify and block the scammer's server so they cannot target others.

What to Do If You Called the Number

If you realized mid-call that it was a scam, hang up. Call your bank's real fraud department immediately using the number on your debit card. They will walk you through securing your account. You should also change your online banking password and set up two-factor authentication (2FA) if you haven't already. This adds an extra layer of cyber security that stops hackers even if they have your password.

The Golden Rule: Banks never send phone numbers in text messages for security issues. If a text has a number to call, it is a criminal trap. Use the number on your physical card instead.

Ready for more insights?