Spot fake Lloyds payee-added, fraud-alert and security-check texts targeting Lloyds and Halifax customers
Last reviewed: 11 May 2026 · ScamSupport research
The Lloyds Banking Group impersonation pattern
Lloyds Banking Group encompasses Lloyds Bank, Halifax, Bank of Scotland and MBNA — together representing one of the largest retail customer bases in the UK and a disproportionate share of bank-impersonation smishing volume. UK Finance reports bank-impersonation losses exceeding £460m in 2024 with Lloyds Group customers consistently in the top three target groups. The same playbook hits all four brands within the group.
Three Lloyds scam-text variants in active circulation
From: LLOYDS or Lloyds (spoofed sender ID, appears in the same SMS thread as real Lloyds alerts)
Body: “Lloyds: A new payee ‘A. MARSHALL’ has been added to your account via Internet Banking. If you did not authorise this, call 020 XXXX XXXX immediately.”
Red flags:
Real Lloyds payee-added alerts don’t ask you to call a stated number. They direct you to the app or to the number on the back of your card.
When you call the number, a “fraud agent” confirms the payee is fraudulent and walks you through transferring your balance to a “safe account”. That account is the criminal’s.
Generic but plausible payee name. “A. MARSHALL”, “J. WILSON”, “PAYEE 4821” — engineered to provoke a panic response.
The text is delivered just after midnight or before 7am UK time. Many recent campaigns target customers when they’re half-awake and checking their phone, which leaves fewer seconds to reflect before reacting.
From: Lloyds (spoofed)
Body: “Lloyds Bank: Your security code is 738291. Do not share this code. If you didn’t request a code, call 020 XXXX XXXX to investigate.”
Red flags:
The OTP is real. A criminal is logging into your online banking or authorising a transfer at the same moment you receive the text. The OTP is what Lloyds genuinely delivered to authenticate the transaction. When you read it to the “fraud team”, you authorise the criminal’s transfer.
The message reads like a genuine OTP delivery because it IS one. Your bank delivered the code in good faith. The criminal triggered the code by attempting to log in or make a payment.
Never read an OTP to anyone on a phone call. Not to your bank, not to the police, not to a recovery firm. Banks have other ways to verify your identity. Anyone asking for an OTP over the phone is the criminal.
From: LloydsBank (spoofed)
Body: “Lloyds: Your debit card has been temporarily blocked due to unusual spending. Re-activate at: lloyds-reactivate-uk[dot]com”
Red flags:
Card blocks are managed in the Lloyds app, never on third-party domains. The phishing page mimics Lloyds’ real login screen and harvests your Internet Banking user ID, password, memorable information and a Card Reader OTP. The Card Reader code is what the criminal needs to authorise a transfer.
Domain check. Real Lloyds lives at lloydsbank.com only. Anything-Lloyds-anything is a clone.
The same playbook hits Halifax customers with halifax-reactivate, Bank of Scotland customers with bos-secure, and MBNA customers with mbna-verify. Same criminal infrastructure, different brand mask.
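The red flags from the three variants above, combined into one triage check over the message bodies quoted on this page. This is an added example, not ScamSupport's or Lloyds' own code. The flag names and the defanged-host handling are assumptions of the example, and the allowlist holds only lloydsbank.com because that is the one domain the page names as genuine.

```python
import re

# The page names lloydsbank.com as the only genuine Lloyds domain.
OFFICIAL_DOMAINS = {"lloydsbank.com"}
# Brand masks the page lists: lloyds-, halifax-, bos-, mbna-.
BRAND_TOKENS = ("lloyds", "halifax", "bos", "mbna")

# "call 020 XXXX XXXX": a stated number to ring (X covers redacted digits).
CALLBACK_RE = re.compile(r"\bcall\s+0[\dX ]{9,13}", re.I)
# A six-digit one-time code delivered in the text.
OTP_RE = re.compile(r"\bcode is \d{6}\b", re.I)
# Hostnames written plainly or defanged with "[dot]" / "[.]".
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+(?:\[dot\]|\[\.\]|\.))+[a-z]{2,}\b", re.I)


def triage(sms: str) -> list[str]:
    """Return the red flags (hypothetical names) present in one SMS body."""
    flags = []
    if CALLBACK_RE.search(sms):
        flags.append("callback-number")
    if OTP_RE.search(sms):
        flags.append("otp-present")
    for raw in HOST_RE.findall(sms):
        host = re.sub(r"\[dot\]|\[\.\]", ".", raw.lower())
        # Exact match or true subdomain only; a plain suffix test would
        # wrongly accept "notlloydsbank.com".
        if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
            continue
        branded = any(t in host for t in BRAND_TOKENS)
        flags.append("lookalike-domain" if branded else "third-party-link")
    return flags


SAMPLES = {
    # The three bodies quoted on this page.
    "payee": "Lloyds: A new payee 'A. MARSHALL' has been added to your account via Internet Banking. If you did not authorise this, call 020 XXXX XXXX immediately.",
    "otp": "Lloyds Bank: Your security code is 738291. Do not share this code. If you didn't request a code, call 020 XXXX XXXX to investigate.",
    "card": "Lloyds: Your debit card has been temporarily blocked due to unusual spending. Re-activate at: lloyds-reactivate-uk[dot]com",
    # Constructed edge cases: genuine host, and the genuine name used as a prefix.
    "genuine": "Lloyds: see your statement at www.lloydsbank.com",
    "prefix": "Lloyds: verify at lloydsbank.com.secure-login.example/verify",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:8} {triage(body)}")
```

An "otp-present" flag on its own does not mark a text as fake, since the code in that variant is genuinely delivered by the bank; it marks a code that must not be read to a caller.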
How to verify a Lloyds text is real
Four rules:
Never call a number from the text. Real Lloyds fraud alerts direct you to call the number on the back of your card or use the in-app secure chat.
Open the Lloyds app to check. Every genuine Lloyds alert is also visible in the app’s message centre. If the SMS isn’t in the app, it isn’t from Lloyds.
Never read an OTP or Card Reader code to anyone on a phone call. The code’s purpose is to prove YOU are authorising a transaction. Sharing it with a caller authorises THEIR transaction.
If you’re unsure, hang up and call Lloyds’ real fraud line on 0800 917 7017 (24/7 personal banking fraud). The real fraud team will confirm or deny the alert in seconds.
If you’ve already transferred money or shared an OTP
Call Lloyds’ real fraud line on 0800 917 7017 immediately. Use the phrase: “This was an authorised push payment scam. Please log it under the PSR reimbursement scheme.”
The PSR Mandatory Reimbursement Scheme requires Lloyds to reimburse APP fraud victims up to £85,000 for transfers made after 7 October 2024 unless the bank can prove gross negligence on the customer’s part. Make the claim in writing within 13 months.
Report to Report Fraud at reportfraud.police.uk. You’ll need a crime reference number for any subsequent Financial Ombudsman escalation.
Read our UK Recovery Guide for the full first-60-minutes playbook including PSR “gross negligence” rebuttals.