Scammers are sending fake messages to mobile phone users telling them to change their bank information.
The fake messages to O2 customers claim that payments have not gone through, so customers need to update their payment details.
But the link leads to a fake website - where criminals will steal your bank account details.
O2 says it's an SMS phishing scam - or smishing - sent out by fraudsters in the hope that customers will click on a link and enter personal details.
A spokesman for the phone company said: "This looks to be an example of an SMS phishing (smishing) scam where fraudsters will send out fraudulent links in the hope that a customer clicks and enters personal details."
"O2 would never email, text or call customers and ask for a one-time code, password, or other security information set up on their O2 account."
The text message to be wary of reads: "O2: Payment for your latest bill could not be processed by your bank. Please update your information".
What to do if you get a suspicious text
If you receive one of the text messages, you can make O2 aware by forwarding it to 7726.
You can also report it to Action Fraud or email the Government's new phishing report service: report@phishing.gov.uk
What are the signs a message may be fake?
O2 says it will never email, text or call customers and ask for a one-time code, password or other security information set up on your O2 account.
It says: "These scams work by sending you an email, text, or by someone calling you pretending to be from your bank, service provider, the police or another trusted company.
"The message or caller might ask for personal or financial information such as personal security details, bank details, one-time codes or passwords, or they might ask you to visit a fake website that looks real. The site will have a form asking for personal information like usernames, passwords, bank account details or pins.
"These messages or calls can be very convincing and look or sound like genuine messages sent by organisations you already deal with.
"They might even appear within an existing text message string from an organisation you know, for example, some of ours are ‘My O2’, ‘o2uk’, ‘O2SwapMySim’."
The signs a message might be fake include:
- Spelling mistakes
- Using a generic 'dear customer' header
- You are asked provide sensitive personal or financial information, passwords, or to make transactions by following a link in the message
- There are suspect links or a name in the header with extra letters, numbers or substitutions. For example, a phishing scam trying to imitate O2 might replace the letter 'O' with the number zero
- You're asked to call a certain number you don’t recognise. In this case, call your bank on a number that you trust, like the one on the back of your card, to check the message is authentic
- The sender uses an urgent tone, telling you to act now.
