Santander customers throughout Burton and South Derbyshire are being warned to avoid clicking on a bogus text from fraudsters trying to steal funds from account holders.
The text claims to be from the high street bank but is actually trying to withdraw money from personal accounts.
The message, which claims to have detected 'suspicious activity', comes from the same number as official Santander texts.
This means it will appear in the same feed of messages in people's phones as actual texts from the bank.
The text says: "We have detected suspicious activity on your account. Please verify via the secure link to prevent account lockout."
The bank, which has local branches in Burton, Swadlincote and Ashby, has warned customers not to click the link in the text message as it could download harmful malware onto their devices.
It includes a link to a page which looks very like the official Santander one - but is in fact part of a sophisticated 'smishing' con. The term describes a security attack which sees a Trojan horse, virus or other malware downloaded onto someone’s phone, tablet or laptop. ‘Smishing’ is short for SMS phishing.
A spokesman for the bank told the Daily Post: "We became aware on the evening of March 7 that a number of Santander customers had been targeted by scammers - who had sent them fake SMS messages.
"We gave an 'always on' approach to communicating with customers reminding them that we would never ask them to click on a link in a text message or email.
"Unfortunately scammers are becoming increasingly sophisticated, and targeting customers of many banks and payment companies.
"This text message was an attempt to dupe customers into revealing key information that could allow the scammers to access their accounts."
Santander has issued the following advice to customers:
- Never share your Santander One Time Passcode (OTP), PIN number or online banking password with another person, not even Santander staff;
- Never download software or let anyone log on to your computer devices remotely during or after a cold call;
- Never enter your online banking details after clicking on a link in an email or text message.