Barclays Scam Texts UK

Spot fake fraud-alert, card-blocked and security-check texts impersonating Barclays

Last reviewed: 11 May 2026 · ScamSupport research

The Barclays scam-text pattern in 2026

Barclays-impersonation smishing is the most financially damaging SMS scam category in the UK. UK Finance’s 2025 Annual Fraud Report puts Authorised Push Payment (APP) fraud losses at over £460m in 2024, with bank-impersonation messages the largest single vector. The mechanic is consistent across all major UK banks but Barclays customers are disproportionately targeted because the bank’s real fraud-alert SMS arrives from a sender ID called “Barclays” — which criminals can spoof, so the scam message appears in the same SMS thread as genuine bank alerts.

Three Barclays scam-text variants currently in circulation

From: Barclays (spoofed sender ID; appears in the same SMS thread as real Barclays alerts)

Body: “Barclays: A transaction of £824.99 to AMAZON.CO.UK was attempted on your card ending 4823. If this wasn’t you, call 0203 XXX XXXX urgently.”

Red flags:

  • You will be told to call the number in the text. When you call, the “fraud team” will confirm the transaction was fraudulent and tell you that to protect your money you must transfer your balance to a “safe account in your name”. The safe account is the criminal’s. This is the entire scam.
  • Spoofed sender ID. The text genuinely appears in the same thread as real Barclays alerts because SMS sender IDs in the UK are not authenticated. This means a thread that contains a genuine OTP can ALSO contain scam messages from the same sender ID.
  • Plausible card last-4 digits. Criminals harvest real card details from earlier breaches; some campaigns target you specifically because they already know the last 4 digits of your card.
  • The phone number is the trap. Real Barclays alerts tell you to call the number on the back of your card — never a number provided in the message itself.

From: Barclays (spoofed)

Body: “Barclays: We have detected unusual activity. Your card has been blocked. To verify your identity and unlock your card, visit barclays-security-check[dot]com”

Red flags:

  • Barclays never sends customers to third-party verification domains. Real Barclays will direct you to the official app or to barclays.co.uk. Domains like barclays-security-check.com, barclays-verify-uk.com or anything-Barclays-anything are typosquats.
  • The page asks for full card details, full account details, the security number from a card reader, and a memorable word. All of these are then used in real-time by a criminal logged into your real online banking. The card-reader number is a one-time code that lets them authorise a transfer.
  • Genuine card blocks are unlocked through the app or via the in-person branch. If you weren’t expecting a block, log into the Barclays app to check your card status.

From: Barclays (spoofed) followed by a phone call within 5-15 minutes

Body: “Barclays Fraud: Suspicious payment of £1,500 to crypto exchange. We will call shortly.”

Then a phone call from a number that appears to be Barclays (spoofed caller ID), with someone who knows your name, your address and your sort code. They tell you the transfer is in progress and you need to immediately move money out of your account.

Red flags:

  • The combination of SMS + call is the hallmark of organised APP fraud. The text primes you to expect the call.
  • Caller-ID spoofing is straightforward. The number on your phone screen can be made to display “Barclays Fraud” or 0345 734 5345 (the real number). This is not a sign the caller is genuine.
  • They will know personal details about you. Address, last transactions, sort code, even your card number. All available on the breach economy. None of it proves they’re from Barclays.
  • The instruction is always “move money to a safe account”. Banks never ask customers to move money for their own safety. If you hear this phrase, hang up immediately.

How to verify a Barclays text is genuine

Three rules. Apply all three before responding to any Barclays SMS:

  1. Never call a number from the text. Hang up if the SMS provides a number to call. Real Barclays fraud alerts always direct you to call the number on the back of your card, or use the in-app chat. Always.
  2. Open the Barclays app, not a link. Genuine alerts can be confirmed by logging into the app and checking the “activity” or “message centre” tab. If the alert is real, it will also be visible inside the app. If it’s a scam, the app will be quiet.
  3. If in doubt, walk into a branch. An in-branch verification with photo ID is the unspoofable channel.

If you’ve already transferred money

UK APP fraud has a defined recovery framework. Act within hours, not days:

  1. Call Barclays’ real fraud line on 0345 734 5345 (or use the in-app chat) using the number on the back of your card. Use the phrase: “This was an authorised push payment scam. Please log it under the PSR reimbursement scheme.”
  2. The PSR (Payment Systems Regulator) Mandatory Reimbursement Scheme requires Barclays to reimburse APP fraud victims up to £85,000 for transfers made after 7 October 2024, unless the bank can prove gross negligence on the customer’s part. Make the claim in writing within 13 months.
  3. Report to Report Fraud at reportfraud.police.uk. You’ll need the crime reference number for any subsequent recovery action.
  4. Read our UK Scam Recovery Guide for the full PSR reimbursement walkthrough, including how to handle a Barclays initial refusal under the “gross negligence” clause.

Related scam guides

Use the Scam Message Scanner →