Earlier this week, my holiday was interrupted by a sophisticated SMS scam. Rude! Let's take a look at it.
Let's take a look at all the ways we can tell it is a scam.
Firstly, and most obviously, I am not a customer of Lloyds Bank! But these scammers send out to multiple people hoping to catch victims.
Secondly, I've not made a complaint to Lloyds! But, again, scammers know that plenty of people have. So this adds a touch of authenticity. If you were a Lloyds customer who had recently complained - you're now primed to accept the scammer's call and treat it as legitimate.
Thirdly, that phone number. If you call it, a recorded voice says "Welcome to customer services..." Whose customer services? It doesn't say "Welcome to Lloyds". This is likely a number that scammers put on texts claiming to be from HSBC, Lloyds, NatWest. Cheaper for them to have a single phone number.
Fourthly, the reference number. It is just my phone number! That's an unusual reference number for a bank.
There's some weird spacing between "Mr" and "Eden" - not what I'd expect from a professional message.
What do you think of the SMS? Would you flag it as spam? I asked my Twitter followers and their responses were unanimous.
Do you think that SMS from Lloyds is…
— Terence Eden (@edent) July 13, 2021
A few minutes after receiving the SMS, I got a call from a Peterborough number - not the 0800 number. The phone number was flagged as suspicious (read the number's reviews).
After the customary pleasantries, the voice at the end of the phone said "Can you just confirm your name and address for me please?"
I replied that I didn't give that information out to cold callers.
"Completely understandable sir. If you check your messages, you'll see an SMS from us scheduling the call. Did you receive that?"
I replied that I get lots of spam texts and that I couldn't be sure it was legitimate.
We reached an impasse.
With a little subtle social engineering on my part, I found out the nature of the complaint. And then I realised... it was a legitimate call!
A few months ago, I'd complained to Halifax Bank that they were sending letters to someone who didn't live at my address.
The 0800 phone number is owned by Halifax
Did Halifax bank turn into Lloyds… ??— Lorraine Underwood (@LMcUnderwood) July 13, 2021
Tweet from 2015 mentions that number https://t.co/BO3tpwHEhe
Halifax are part of Lloyds Bankings Group.
The geographic number I received a call from is the Lloyds outbound number.
In my defence - this did have most of the Hallmarks of a scam! Lloyds have tried to do the right thing by alerting me that the call is coming. They've provided a trusted phone number for me to call if I am concerned. They've given me the name of the caller, and a reference number.
But these are all things a scammer can do as well!
Lloyds could have made this better. Does the average user know that Halifax is part of Lloyds? I didn't. Why didn't the call come from the number that they'd sent in their text? Would a link to a simple URl like
lloyds.com/contact have reassured me? How about
Instead, several silly mistakes and my unhealthy paranoia collided and convinced me it was a scam.
What's the solution here? Sure, Lloyds can up their game - but a canny scammer can just tweak the wording and send out a convincing forgery. We can all abandon SMS and move to some cryptographically signed service which no one can use properly. We can hope that mobile networks crack down on SMS spam and only let legitimate messages through. Or users can dial down their paranoia - and hope for the best.
But, sadly, it seems that trusting messages from financial services are all but impossible right now.