Spot fake Halifax fraud-alert, payee-added and card-blocked texts targeting Halifax UK customers
Last reviewed: 12 May 2026 · ScamSupport research
The Halifax impersonation pattern in 2026
Halifax is part of Lloyds Banking Group but operates as a distinct brand with millions of UK current account, savings and mortgage customers. Halifax customers receive a disproportionate share of bank-impersonation smishing — partly because the Halifax brand identity remains strong despite the Lloyds parent relationship, and partly because criminals know Halifax customer demographics skew slightly older and more mortgage-anchored. UK Finance reports bank-impersonation losses above £460m in 2024 with Halifax sitting in the top tier of impersonated brands.
Three Halifax scam-text variants currently in circulation
From: Halifax or HBOS (spoofed sender ID; lands in the same SMS thread as real Halifax alerts)
Body: “Halifax: A payment of £1,184.00 to APPLE PAY has been attempted from your debit card. If this was not you, call 0203 XXX XXXX to dispute.”
Red flags:
Real Halifax fraud alerts don’t embed a phone number. They direct you to call the number on the back of your card or use the Halifax UK app secure messaging.
When you call, a “fraud agent” confirms the transaction was fraudulent and tells you that to safeguard your money you must transfer your balance to a “safe account”. That account belongs to the criminal.
Apple Pay framing. Recent campaigns use Apple Pay because most customers don’t have it set up, making the fake transaction feel plausibly unauthorised.
Spoofed sender ID lands in the same thread as genuine Halifax alerts — thread continuity is not authentication.
From: Halifax (spoofed)
Body: “Halifax: Your debit card has been blocked following suspicious activity. Re-activate at: halifax-secure-uk[dot]com”
Red flags:
Card blocks are managed in the Halifax app, never on third-party domains. The phishing page mimics Halifax’s real login screen and harvests your username, password, memorable information and a card-reader OTP. The card-reader code is what the criminal needs to authorise transfers in real time.
Domain check. Real Halifax lives at halifax.co.uk only. Anything-Halifax-anything is a clone.
The same criminal infrastructure runs equivalents targeting Lloyds (lloyds-reactivate), Bank of Scotland (bos-secure) and MBNA — one operator, four brand masks.
From: Halifax (spoofed) followed by a phone call within 10 minutes
Body: “Halifax Fraud: A £3,250 transfer is in progress to a new payee. Our fraud team will call shortly to verify.”
Then a phone call from a number that appears to be Halifax’s real fraud line. The caller knows your full name, sort code, and mortgage balance. They instruct you to move your funds to a “protected Halifax internal account”.
Red flags:
SMS + call combination is the hallmark of organised APP fraud. The text creates anticipation; the call exploits the panic state.
Caller-ID spoofing makes the displayed number unreliable. The number can be set to 0800 028 1709 (real Halifax fraud) or anything else.
Personal details are not proof. Sort code, mortgage balance, recent retailer transactions all come from data-breach markets.
Banks never ask customers to move money for their own safety. If you hear the “safe account” phrase, hang up immediately.
How to verify a Halifax text is real
Three rules:
Never call a number from the text. Real Halifax fraud alerts direct you to call the number on the back of your card or use the Halifax UK app secure messaging.
Open the Halifax UK app to check. Every genuine Halifax alert is also visible in the app’s message centre. If the SMS isn’t in the app, it isn’t from Halifax.
Never read an OTP or card-reader code to anyone on a phone call. Anyone asking for one of these over the phone is the criminal.
If you’ve already transferred money
Call Halifax’s real fraud line on 0800 028 1709 (24/7) immediately. Use the phrase: “This was an authorised push payment scam. Please log it under the PSR reimbursement scheme.”
The PSR Mandatory Reimbursement Scheme requires Halifax to reimburse APP fraud victims up to £85,000 for transfers made after 7 October 2024 unless the bank can prove gross negligence. Make the claim in writing within 13 months.
Report to Report Fraud at reportfraud.police.uk. The crime reference number is needed for any Financial Ombudsman escalation.