Vishing and smishing

Vishing and Smishing

The rising threat that can attack on any device

What is vishing and smishing?

Vishing is the fraudulent use of phone calls or voice messages to impersonate trusted organisations to obtain sensitive information1. Smishing is the fraudulent use of SMS text messages to get targets to click malicious links or hand over private information2. Bank Impersonation is a type of vishing and/or smishing, and both forms of fraud are growing threats in the UK3.

What is Bank Impersonation fraud?

Bank impersonation fraud is where the fraudster contacts the victim pretending be from their bank. It often begins with a phone call or text message, where the fraudster might claim there has been fraud on the victim's account, an issue with a transaction or a need to upgrade to or download a new payment channel.

To assist with this, they may state that they need to take control of the computer, or transfer money to a 'safe' account to protect funds. You may be asked to download software or use a webchat and your screen may turn black. This enables the fraudster to initiate transactions without your knowledge and they will ask you to enter your PIN or use your biometric device to complete the process. In doing so, you are authorising the payments set up by the fraudster. This type of fraud is on the rise and can often lead to devastating losses.

Please remember that Barclays will never do any of the following:

  • Ask you to make payments or move money to a ‘safe account’
  • Call you and ask you to provide or enter your PIN or use your biometric device for any reason
  • Take control of your computer.

Fraudsters will even set up fake Barclays sites which look similar to our genuine websites or include a Barclays logo, in order to convince you to download software which allows the fraudsters remote access to your computer. Be extremely vigilant regarding any requests to click on links, visit web addresses or download software to resolve an issue.

If you suspect fraud, or just feel unsure please hang up, disconnect from the internet, and contact our Barclays fraud team using a different phoneline. Do not call back on any numbers provided to you by the caller.

How to prevent vishing and smishing

  • Always be alert: Never assume a caller is legitimate because they know information about you, your company, or your colleagues
  • Don’t rely on caller ID: Caller ID can be faked, so don’t rely on this as an indicator of legitimacy
  • Stop and think: If a call or text creates a sense of urgency stop and think is it legitimate? Do you really need to rush? 
  • Don’t click links: Links received from suspected smishing text messages may contain viruses
  • Contact someone trusted: If you get a suspicious call, end the conversation immediately and call a trusted contact at the organisation in question. Use a different phone as the fraudster can keep the original line open
  • Remember: We will never call you and ask you to share your password, PIN, or payment authorisation codes. 

What to do if you're a victim

  • Don't respond: If you have received a scam text or phone call do not reply to it or call back. Scammers don’t know your number is active until you use it, replying may trigger further smishing attempts.
  • Research: If you suspect you are a victim of vishing or smishing do a web search of the number and the content of the message to see if others have reported similar scams
  • Alert colleagues: Alert colleagues that your company is being targeted and inform them how to report any vishing or smishing attempts 
  • Use antivirus software: Viruses often lay dormant. Use antivirus software on both computers and mobile devices to protect them from virus infection
  • Action Fraud: Report any attacks to Action Fraud by calling 020 7601 2220 or via their website

Wake up to the reality of vishing and smishing

£109.8m was lost to bank impersonation scams in 2022. Ref: 4
32% of people have reported receivng  smishing text messages. Ref: 5
16,000 cases of bank impersonation fraud were reported in 2022 . Ref: 4

Can you spot a vishing call?

Francis and Sam are calling customers to alert them to fraudulent account activity. But can you tell which call is genuine, and which is a vishing scammer? Watch the videos below to find out!

These calls are based on real conversations.

Hi I'm Francis, and I’m calling from the Barclays fraud team.

There have been three payments of £4,200 made from your business account this morning, and I’ll need you to confirm that you made these payments.

Before you do, I’ll need to take you through security.

Can I take your memorable word and passcode in full please?


This is Sam from the Barclays fraud team.

We've noticed unusual activity on your business account and need to take immediate action.

I've already spoken with your Relationship Director David Warner and he's given me the go ahead to contact you.

Before we proceed, you’ll need to verify some account details in full...


Did you guess correctly?

Both calls were from fraudsters.

What were the signs that these calls were scams?

Both fraudsters claimed to be from a bank and asked for personal or account information in full.

Your next steps

Report fraud

To report any fraudulent activity, or attempts, contact Barclays Corporate fraud on 0330 156 0155* or if calling from overseas dial +441606566208.

If you receive a suspicious email, send it as an attachment to  internetsecurity@barclays.co.uk and delete the email immediately.

Are you protected?

To keep yourself, and your organisation protected from criminals, ensure you keep up to date with our latest resources and advice.

Fraud and Scam Toolkit