Online & communication

Moderate impact

I clicked the link. Everything changed.

A text looked like a brand I use—account issue, tap to fix.

I was between tasks and clicked without expanding the sender or URL.

The page copied the real login flow; I entered credentials and a card for “verification.”

Within hours unauthorised charges and password resets from other sites began.

Smishing plus a fake site harvests logins and card data in one session.

The company had never sent that message.

I was in a hurry and afraid of a locked account; checking the link felt slower than tapping through.

The real company’s fraud line said no SMS campaign had gone out; comparing the link to the official domain showed the typo.

New cards, disputes, and password resets ate a week; I felt foolish every time an alert pinged.

I do not use fix or verify links from texts.

I open the app or typed URL only.

  • Do not click account links in SMS or email; log in through the official site or app.
  • Report phishing to the company and FTC (US) or local fraud lines.

For more help, see our Report a scam page and Spot and avoid scams guide.

Test your understanding

True or false?

Smishing plus a fake site harvests logins and card data in one session.

True
