This article below is worth a read in full.
It would seem you are now advised NOT to trust any text or email received from your Bank.
Fraudsters now can clone bank texts and it appears they are able to know all your recent transactions. This makes it very hard for anyone to detect a fraud save the most cautious and tech savvy customers.
Always best to employ this strategy: when you receive any such bank communication, always call the phone number on the back of your bank card and check the communication you received is authentic.
It's a bit long winded but it should keep you safe.
The question remains, how are the fraudsters accessing all this information?
The article speculates as follows:
"Both victims had registered their debit cards with Uber. The company has admitted its customers’ mobile phone, email and other personal details were hacked last year, but claimed no card details were compromised. Many shopping sites have poor online security, and there are probably other hacking incidents of which consumers are not even aware. Any one of these might have led to fraudsters obtaining crucial details about the students."
Uber demonstrates a problem. Like Uber, some companies it seems are not forthcoming about security lapses, no doubt fearful of terrible PR. This compounds already serious security lapses that exist out there.
When Alison Dean received a text from her bank, the Co-operative, asking whether she had just made a £999 purchase – asking her to call the bank if she hadn’t – she did what many of us would have done, and dialled the number in the message. After all, the text had clearly come from the bank – it was listed on her handset amid previously sent texts that the PhD student knew had come from the Co-op – and she was well used to getting such messages from the bank.