"Update your payment details"—the text wasn't from my bank

A text said there was unusual activity and I needed to update payment details now. The link copied my bank's mobile layout well enough that I entered login and a one-time code while boarding a flight.

Stress and low battery at the gate made me move fast. The fake site mirrored every button I recognised; within minutes they moved a large chunk to a mule account while I was still in the air.

Smishing pairs spoofed SMS with phishing pages that bypass app habits. Real banks do not ask for full credentials through links. I froze accounts from airport Wi-Fi once the real bank texted a genuine alert.

Travel chaos plus urgency created a perfect storm—I wanted the "problem" gone before takeoff.

On a laptop later that night the URL showed a .co instead of .com—obvious at desktop scale, invisible on a narrow phone bar mid-rush.

The trip soured and my partner was furious at first, though we eventually focused on recovery steps instead of blame.

I only open my bank from a typed URL or the official app now, and I forward suspicious SMS to 7726 before I tap. I wish I had called the number on my card from the gate.

• Call the number on your card—never one provided in a random text.

For more help, see our Report a scam page and Spot and avoid scams guide.