WhatsApp and text scam alerts are rising in the UK: what readers need to know
UK authorities and fraud-prevention bodies are again warning about scam messages sent by text and messaging apps, including WhatsApp. The messages often pretend to be from parcel firms, banks, government departments or services that send verification codes. Recent UK Finance material says fake parcel delivery texts are a major smishing scam, while the National Cyber Security Centre (NCSC) and GOV.UK continue to warn people not to click suspicious links, share codes or reply to unexpected messages. (ukfinance.org.uk)
What is happening
The common pattern is straightforward: a scammer sends a message that looks urgent and official. It may claim you owe a delivery fee, that your bank account has been locked, or that you must confirm a one-time code to keep an account secure. In March 2026, the NCSC specifically warned that people should not share verification codes or scan unexpected QR codes in messaging-app attacks. UK Finance has also said delivery scams remain the most prevalent form of smishing. (ncsc.gov.uk)
These scams are not limited to SMS. HMRC says criminals can contact people through applications such as WhatsApp, and official guidance treats suspicious app messages in the same way as scam texts: don’t respond, don’t click, and don’t give out private information. (gov.uk)
Why it matters
These messages work because they create pressure. A fake parcel message suggests a small payment or a missed delivery. A fake bank alert suggests immediate account risk. A verification-code message tries to trick you into handing over the final step criminals need to take over an account. The NCSC says phishing texts are often designed to steal passwords, personal details or money, and the Met Police warns that banks and the police will never ask for a PIN, card, cash or high-value purchases. (ncsc.gov.uk)
For many people, the danger is not just a lost parcel fee. Once a scammer has a code, password or enough personal information, they may be able to access email, shopping, banking or messaging accounts, or use the details to launch further scams. (ncsc.gov.uk)
Who may be affected
In practice, almost anyone with a mobile phone or online account can be targeted. People who shop online, expect deliveries, use mobile banking, or rely on two-step verification are especially likely to receive these messages. Recent Ofcom research also reflects how common suspicious calls, texts and app messages have become in daily life. (ofcom.org.uk)
Older adults, busy parents, frequent online shoppers and small business owners may be particularly vulnerable because scammers often use messages that sound routine and time-sensitive. That said, no group is immune. (ncsc.gov.uk)
Warning signs to watch for
- Urgency: “Act now”, “final warning” or “your account will be closed today”.
- Unexpected contact: a delivery, bank or government message you were not expecting.
- Links you are pushed to tap: especially shortened links or odd-looking web addresses.
- Requests for codes: any message asking you to read back or forward a verification code.
- Payment requests: “small delivery fee”, “refund”, “fine” or “security check” payments.
- Poor wording or slight brand changes: a sign the sender may be spoofing a real organisation.
Official guidance repeatedly says not to give out passwords, bank details or one-time codes, and not to click links unless you are sure the message is genuine. (gov.uk)
What to do now if you receive a suspicious message
- Do not click the link.
- Do not reply.
- Do not share any verification code.
- Check the claim independently by opening the app or website yourself, not through the message.
- Contact the organisation using a number or site you already trust, such as the number on your bank card or the company’s official website.
- Forward suspicious texts to 7726, which is free in the UK.
- Report scam emails to report@phishing.gov.uk if relevant.
If you think you have already responded, GOV.UK advises people to protect themselves straight away, and if money has been lost or you have been hacked, to report it to Action Fraud in England, Wales and Northern Ireland, or Police Scotland if you are in Scotland. (gov.uk)
If the message claims to be from your bank, parcel firm or HMRC
Be careful about trusting the sender name alone. Scammers can make messages look convincing. HMRC says it will never contact people in certain ways about personal details, and its guidance notes that scammers sometimes use WhatsApp messages as part of fake contact attempts. The NCSC and GOV.UK both recommend checking independently through official channels rather than using the links in the message. (gov.uk)
For parcel scams, UK Finance says the usual trick is a fake delivery problem that asks you to pay a fee or update details. If you are genuinely expecting a parcel, use the courier’s official app or website and track it from there. (ukfinance.org.uk)
How to stay safer next time
- Turn on two-step verification for important accounts, but never share the code with anyone. (ncsc.gov.uk)
- Use strong, unique passwords and consider a password manager. (ncsc.gov.uk)
- Be cautious with QR codes, especially if they arrive unexpectedly. (ncsc.gov.uk)
- Keep your privacy settings tight on social media, because scammers use public information to make messages sound believable. (ncsc.gov.uk)
- Agree a family rule for checking payment or code requests by a separate channel, such as a phone call to a known number. (gov.uk)
- Report suspicious texts promptly so providers can block and investigate them. (ncsc.gov.uk)
Why this is a good time to be extra careful
Recent UK guidance suggests scam activity is still active and adaptable. UK Finance’s 2026 material highlights parcel delivery scams as a leading smishing tactic, and the NCSC has continued to update advice on messaging-app targeting and code theft. In other words, these are not old-fashioned nuisance texts; they are part of a live fraud problem that keeps changing its format. (ukfinance.org.uk)
If a message feels off, pause. A few seconds of checking can prevent a costly mistake. (gov.uk)
Key takeaway
Fake parcel, bank and verification-code messages are still circulating in the UK, including through WhatsApp and text. Do not click, do not reply, and never share a code. Verify requests through official channels, report suspicious texts to 7726, and use GOV.UK or your bank’s trusted contact details if you are unsure. (ukfinance.org.uk)