Bank Impersonation Phone Scam: How to Spot and Avoid It

Introduction

The bank impersonation phone scam is the number one category of fraud complaint received by financial regulators in both the United Kingdom and the United States, and it is growing faster than almost any other form of consumer fraud. Every day, hundreds of thousands of people receive calls from criminals pretending to be their bank — and thousands lose money as a direct result. If you have received a suspicious call claiming to be from your bank, or if you have already acted on such a call and are worried about what happened, this comprehensive guide from Scammers Expose will give you everything you need to know.

The bank impersonation phone scam is uniquely dangerous for three reasons. First, your bank is one of the most trusted institutions in your life — a caller claiming to represent it carries immediate authority and credibility that most other callers do not. Second, the bank impersonation phone scam typically creates extreme urgency — warning of fraud on your account, an imminent security breach, or a criminal already accessing your funds — that overrides the careful thinking that would otherwise protect you. Third, the technology available to fraudsters in 2026 makes the bank impersonation phone scam almost impossible to distinguish from a genuine bank call — including caller ID spoofing that shows the genuine bank number on your screen.

Financial losses to the bank impersonation phone scam are enormous. UK Finance reports that authorised push payment fraud — the category that includes most bank impersonation phone scam losses — costs UK consumers hundreds of millions of pounds annually. In the United States, the FTC reports billions of dollars in losses to impersonation scams each year, with bank impersonation consistently among the highest-loss categories. Individual losses to the bank impersonation phone scam regularly exceed £10,000 or $10,000, and in serious cases reach six figures.

This guide from Scammers Expose provides a thorough breakdown of the bank impersonation phone scam: how it reaches victims, how it unfolds step by step, every variant currently operating, the warning signs that every bank customer must know, real stories from affected people, what regulators and law enforcement say, and the concrete steps you should take if you have already been targeted. Understanding the bank impersonation phone scam fully is your most powerful protection.

What Is the Bank Impersonation Phone Scam?

The bank impersonation phone scam is a category of fraud in which criminals contact victims by phone — and increasingly by SMS or email — while pretending to be representatives of the victim’s bank or financial institution. The goal is to steal money, banking credentials, or personal information by exploiting the trust that people place in their bank and the fear that is created by warnings of fraudulent activity on their account.

The bank impersonation phone scam is technically sophisticated in ways that make it extremely difficult to identify even for careful, informed consumers. Caller ID spoofing allows criminals to make their call appear to originate from the genuine phone number of the bank — the same number printed on the back of the victim’s debit card or published on the bank’s official website. This means that a victim who checks the number calling them against their bank’s genuine number will find that they match — and will have no technical means of identifying the call as fraudulent.

The bank impersonation phone scam also exploits a phenomenon known as warm line fraud — where the criminal calls the victim on their mobile while the victim’s landline is kept off-hook by the criminal holding a previous call open. When the victim hangs up and attempts to call their bank on the number on their card, they are still connected to the fraudster rather than to the genuine bank. This technique is now less effective than it once was due to changes in telephone exchange technology, but awareness of it remains important.

What distinguishes the bank impersonation phone scam from other frauds is the level of prior knowledge the caller may already have about the victim. Data obtained through breaches, purchased from criminal data brokers, or gathered through social media research allows bank impersonation phone scam operators to know the victim’s name, address, partial account or card number, recent transaction details, and other information that would normally indicate a genuine bank representative. This prior knowledge is the most powerful tool the scammer has — and it is the element that most frequently causes victims to lower their guard.

How the Bank Impersonation Phone Scam Works Step by Step

Step 1: The Call Arrives

The bank impersonation phone scam begins with an unexpected phone call. The caller introduces themselves as a fraud prevention specialist, security advisor, or customer protection representative from your bank. They may give a name, an employee reference number, and a department — all fabricated but designed to sound entirely legitimate. The number displayed on your screen may match your bank’s genuine contact number due to caller ID spoofing. There is nothing in the initial presentation of the bank impersonation phone scam call that allows the average consumer to identify it as fraudulent.

Step 2: Establishing False Credibility

The bank impersonation phone scam operator immediately works to establish credibility by demonstrating prior knowledge. They may address you by your full name, reference the last four digits of your account or card number, mention a recent transaction on your account, or describe your home address — all sourced from data breaches or criminal databases. This information, which you naturally associate with your bank, creates a powerful impression that the caller must genuinely be who they claim to be. This is the critical moment in the bank impersonation phone scam — once the victim accepts the caller’s legitimacy, the subsequent extraction of money or information becomes dramatically easier.

Step 3: Creating Urgency and Fear

With credibility established, the bank impersonation phone scam creates extreme urgency. Common scenarios include: fraudulent transactions are currently being processed on your account and must be stopped within the next hour, a criminal has gained access to your online banking and is draining your account right now, your debit card has been cloned and is being used at multiple ATMs, or your account is subject to a legal hold due to suspicious activity that you must resolve immediately. The urgency prevents the victim from pausing to verify the call independently — which is exactly what the bank impersonation phone scam is designed to achieve.

Step 4: Requesting Sensitive Information or Action

Once fear and urgency are established, the bank impersonation phone scam moves to extraction. Depending on the variant, this may involve requesting your full card details including the CVV, asking for your online banking password or PIN, requesting a one-time password sent to your phone under the guise of “verifying your identity”, instructing you to authorise a transaction through your banking app to “move your money to a safe account”, or asking you to install a remote access application to allow the bank’s “technical team” to secure your account.

The request for a one-time password is particularly significant. In many cases, the bank impersonation phone scam operator has already initiated a genuine transaction on your account — using credentials obtained through a previous data breach or phishing attack — and needs your OTP to complete the authorisation. By framing the OTP request as a security verification step, the scammer causes you to authorise the very transaction that steals your money.

Step 5: The Safe Account Transfer

The most financially devastating variant of the bank impersonation phone scam involves the “safe account” transfer. The victim is told that their current account has been compromised and that — for their own protection — they must immediately transfer their funds to a new, secure account that the bank has set up for them. In reality, the “safe account” is controlled by the criminals. Once the transfer is made, the money is moved rapidly through a chain of accounts before being withdrawn. This authorised push payment variant of the bank impersonation phone scam is the most common cause of large individual losses because the victim makes the transfer themselves — which complicates recovery.

Step 6: The Disappearance

Once the bank impersonation phone scam has achieved its objective — whether stealing credentials, capturing an OTP, or directing a transfer to a criminal account — the call ends and the scammer becomes unreachable. The victim typically discovers the fraud when they check their account and find unauthorised transactions, a depleted balance, or a transfer they authorised themselves now showing in their transaction history. By this point, the money has already been moved through multiple accounts and may be extremely difficult to recover.

Bank Impersonation Phone Scam: The Most Common Variants

The Safe Account Scam

The most financially destructive variant of the bank impersonation phone scam instructs the victim to transfer funds to a “safe account” to protect them from fraud on their existing account. The safe account is controlled by criminals. Victims are sometimes instructed to make multiple transfers — often describing them at the bank counter or ATM as gifts, investments, or business payments to avoid detection. No genuine bank will ever ask you to move money to a new account over the phone as a fraud protection measure.

The OTP Harvesting Scam

In this variant of the bank impersonation phone scam, the scammer has already obtained the victim’s banking login credentials — through a previous phishing attack or data breach — and has initiated a transaction that requires OTP authorisation. The call is made to harvest that OTP by framing its collection as a “security verification” or “transaction confirmation” step. Sharing the OTP completes the authorisation of a transfer that the victim did not intend to make. Your bank will never ask you to share an OTP over the phone.

The Remote Access Scam

This variant of the bank impersonation phone scam involves the caller claiming that a technical specialist needs remote access to the victim’s device to resolve a security issue or investigate fraudulent activity. The victim is instructed to download a remote access application — AnyDesk, TeamViewer, or similar — and share an access code. Once access is granted, the scammer can see and control the victim’s device, access their banking apps directly, and initiate transactions. No legitimate bank technical support will ever require remote access to a customer’s personal device.

The Courier Scam

This variant of the bank impersonation phone scam instructs the victim to hand their bank card — and sometimes cash — to a courier who will arrive at their home. The caller claims the card needs to be collected for investigation, destruction, or replacement. Some victims have handed over multiple cards and thousands of pounds in cash to people presenting as bank couriers. No bank ever sends a courier to collect a customer’s card or cash. Any such instruction is definitively a bank impersonation phone scam.

The Vishing SMS Follow-Up Scam

This variant of the bank impersonation phone scam begins with a text message appearing in the genuine bank SMS thread — using sender ID spoofing — warning of suspicious activity and providing a number to call. When the victim calls the number, they reach a fraudulent call centre staffed by scammers who complete the impersonation. The combination of an authentic-looking text message and a responsive phone line makes this variant of the bank impersonation phone scam particularly convincing.

Bank Impersonation Phone Scam Warning Signs

• Any request for your PIN, password, or OTP: Your bank will never ask for your PIN, online banking password, or one-time password over the phone under any circumstances. This is the single most definitive warning sign of the bank impersonation phone scam
• Instructions to transfer money to a “safe account”: No bank ever asks customers to move money to a new account over the phone as a security measure. Any such instruction is a bank impersonation phone scam regardless of how official the caller sounds
• Extreme urgency — your account is being drained right now: Artificial urgency is the primary tool of the bank impersonation phone scam. Genuine bank security teams operate calmly and methodically — they do not create panic to force immediate action
• A request to install remote access software: No legitimate bank technical team will ever ask you to install AnyDesk, TeamViewer, or any other remote access application. Any such request is definitively a bank impersonation phone scam
• A courier coming to collect your card or cash: Banks do not send couriers to customers’ homes to collect cards or cash. Any such instruction is a bank impersonation phone scam courier variant
• The displayed number matches your bank — but something feels wrong: Caller ID spoofing means a matching number is not proof of legitimacy. If something feels wrong about the call — pressure, urgency, unusual requests — trust your instinct. Hang up and call your bank directly on the number on the back of your card
• Instructions to keep the call secret from bank staff: If the caller tells you not to mention this call to staff at your branch or on the official helpline, you are being targeted by a bank impersonation phone scam. Genuine bank security teams have no reason to ask for secrecy
• Being told to lie to bank staff or ATM machines: Some bank impersonation phone scam operators instruct victims to tell bank counter staff or describe ATM withdrawals as being for a specific purpose — typically gifts or personal savings. No legitimate bank process requires this

Real Stories: How the Bank Impersonation Phone Scam Destroys Finances

Story 1: The Retired Nurse and the Safe Account

A retired nurse in her late sixties received a call that displayed her bank’s genuine number on her phone screen. The caller identified themselves as a fraud specialist, gave her the last four digits of her account number and her home address, and told her that £28,000 in fraudulent transfers had been attempted on her account by a criminal inside the bank. She was told to transfer her savings immediately to a new “secure government holding account” to protect them while the investigation proceeded.

She transferred £28,000 in three separate transactions over two days — the caller stayed on the phone throughout, coaching her on what to say to bank staff who asked about the purpose of the transfers. When her daughter visited two days later and she described what had happened, the fraud became immediately apparent. Her bank was able to recover £4,200 through a trace but the remaining £23,800 was irrecoverable. The bank impersonation phone scam had taken a lifetime of savings in 48 hours.

Story 2: The Business Owner and the OTP

A small business owner received a call from someone who knew his business banking details, his recent payroll transaction amounts, and the names of two of his employees. The caller claimed to be from his bank’s commercial fraud team and said suspicious login attempts had been detected on his account. To verify his identity and “lock out the fraudster”, he needed to confirm the OTP that was about to be sent to his phone.

He shared the OTP. Within three minutes, £47,000 had been transferred from his business account — a payment the caller had already initiated using credentials obtained through a previous phishing attack. The OTP the business owner provided was the final authorisation needed to complete the theft. The bank impersonation phone scam had exploited information from a previous data breach to make itself completely convincing.

Story 3: The Student and the Remote Access

Story 3: The Student and the Remote Access

A university student received a call claiming to be from her bank’s technical security team, warning that her account had been accessed from an overseas device and that her online banking needed to be “re-secured” remotely. She was instructed to download AnyDesk and share the access code with the “technical specialist.” Once connected, the caller navigated her banking app while she watched — telling her he was “running security checks” — and transferred £3,400 to an account he described as “the bank’s secure holding facility.”

She only realised what had happened when she received a genuine notification from her bank about the outgoing transfer. By the time she called her bank directly, the money had already been moved through two further accounts. She recovered £800 through her bank’s fraud compensation process but lost £2,600 permanently. The bank impersonation phone scam had exploited her trust in her bank’s security processes to steal money she had saved over two years of part-time work.

What Authorities Say About the Bank Impersonation Phone Scam

The bank impersonation phone scam has been the subject of sustained and urgent warnings from financial regulators, banking industry bodies, and consumer protection agencies across the world — all of whom identify it as one of the most financially damaging and rapidly growing categories of consumer fraud.

UK Finance — the trade body representing UK banks — publishes annual fraud data that consistently shows authorised push payment fraud, driven primarily by the bank impersonation phone scam, as the largest single category of fraud loss by value. UK Finance operates the Take Five to Stop Fraud campaign, which specifically advises consumers to stop, challenge, and protect themselves when receiving unexpected bank calls. Guidance is available at takefive-stopfraud.org.uk.

Action Fraud in the United Kingdom accepts reports of the bank impersonation phone scam and publishes regular consumer alerts about active campaigns. Action Fraud consistently identifies bank impersonation as the highest-loss fraud category for individual UK consumers. Report at actionfraud.police.uk or call 0300 123 2040.

The Federal Trade Commission in the United States identifies bank and financial institution impersonation as one of the top impersonation scam categories by total financial loss, noting that losses to this category have grown significantly year over year. The FTC’s consumer guidance specifically addresses the safe account transfer variant and OTP harvesting variant of the bank impersonation phone scam. Report at reportfraud.ftc.gov.

The Financial Conduct Authority in the United Kingdom requires banks to reimburse victims of authorised push payment fraud in many circumstances under the Contingent Reimbursement Model code — though eligibility depends on whether the victim took reasonable precautions. The FCA’s consumer protection guidance is available at fca.org.uk.

How to Protect Yourself from the Bank Impersonation Phone Scam

Apply the Four Golden Rules

Every major bank and financial regulator communicates four absolute rules that defeat the bank impersonation phone scam every time. Your bank will never ask for your PIN or full password. Your bank will never send a courier to collect your card. Your bank will never ask you to transfer money to a safe account. Your bank will never ask you to share an OTP to verify your identity. If any caller asks you to do any of these four things — regardless of how official they sound and what number is displayed on your screen — end the call immediately. You are being targeted by a bank impersonation phone scam.

Hang Up and Call Back on the Official Number

If you receive any call claiming to be from your bank that creates urgency, requests sensitive information, or instructs you to take any financial action, hang up immediately. Wait at least five minutes before calling back — this ensures any line the scammer may have been holding open is fully cleared. Use the number on the back of your card or on the bank’s official website — found by typing the URL directly into your browser, not by following a link in any message. This single step defeats the bank impersonation phone scam completely every time.

Never Share OTPs Over the Phone

A one-time password is a security code sent to your phone to authorise a specific transaction or login. No bank representative — genuine or otherwise — needs you to read that code to them over the phone. The moment any caller asks you for an OTP, the call is a bank impersonation phone scam. End the call immediately without sharing the code. If you have already shared an OTP, call your bank immediately — the scammer may have only seconds to use it.

Never Install Remote Access Software at a Caller’s Request

No legitimate bank security or technical support service will ever ask you to install AnyDesk, TeamViewer, QuickSupport, or any similar remote access application. If any caller — regardless of how official they sound or what number is displayed on your screen — makes this request, end the call immediately. Installing remote access software at the request of an unknown caller is one of the most dangerous actions a bank customer can take and is a defining feature of one of the most financially damaging variants of the bank impersonation phone scam.

Set Up Transaction Alerts and Daily Transfer Limits

Enable real-time SMS and push notification alerts for every transaction on your account through your bank’s app or online banking settings. Set a daily transfer limit that reflects your normal banking activity — any transfer above that limit requires additional verification. These measures will not prevent the bank impersonation phone scam from being attempted, but they limit potential losses and provide immediate notification of any unauthorised activity.

Educate Elderly and Vulnerable Family Members

The bank impersonation phone scam disproportionately targets older adults, who are statistically more likely to trust authority figures, less familiar with the specific mechanics of caller ID spoofing, and more likely to hold significant savings. Proactively share the four golden rules with elderly parents, grandparents, and vulnerable people in your life. A five-minute conversation could prevent a financially devastating loss.

What to Do If You Have Been Targeted

Call Your Bank Immediately

If you believe you have been targeted by the bank impersonation phone scam — whether or not you have already shared information or made a transfer — call your bank immediately using the number on the back of your card. Do not use any number provided by the caller. Report what happened, provide details of any transfers made or information shared, and ask your bank to freeze your account and investigate all recent activity. Speed is critical — the sooner your bank knows, the better the chances of recovering funds before they are moved further.

Report to Action Fraud or the FTC

UK victims should report the bank impersonation phone scam to Action Fraud at actionfraud.police.uk or call 0300 123 2040. US victims should report to the FTC at reportfraud.ftc.gov. Provide all available information — the phone number used, the time of the call, what information was shared, what transfers were made, and any reference numbers or names provided by the caller.

Request Reimbursement Under Consumer Protection Rules

UK victims of the authorised push payment variant of the bank impersonation phone scam should formally request reimbursement from their bank under the Contingent Reimbursement Model code or the Payment Systems Regulator’s mandatory reimbursement requirements, which came into force in 2024. If your bank declines to reimburse you and you believe you took reasonable precautions, escalate the complaint to the Financial Ombudsman Service at financial-ombudsman.org.uk.

Change All Compromised Credentials Immediately

If you shared any banking credentials during the bank impersonation phone scam — including online banking passwords, PINs, or security answers — change them all immediately through your bank’s official app or website. If you installed remote access software, uninstall it and have your device checked by a trusted technician for any remaining malware before using it for banking again.

Warn Others in Your Community

Share your experience of the bank impersonation phone scam with family, friends, and community networks — particularly if you know others who may be vulnerable to this type of fraud. Your account of how the scam operated could be the warning that prevents someone else from losing their savings. Post your experience on consumer forums, the BBB Scam Tracker, and Trustpilot to contribute to the public record of active bank impersonation phone scam campaigns.

Conclusion

The bank impersonation phone scam is the most financially devastating single call you will ever receive. It succeeds not because its victims are careless but because it is designed with extraordinary precision to exploit the trust that people have in one of the most important institutions in their financial lives — their bank. The combination of caller ID spoofing, prior knowledge, extreme urgency, and authority impersonation creates a fraud that is genuinely difficult to identify in the moment, regardless of how informed the victim is.

The defence against the bank impersonation phone scam is four absolute rules applied without exception: your bank will never ask for your PIN or password, will never send a courier for your card, will never instruct you to move money to a safe account, and will never ask you to share an OTP over the phone. If any caller asks you to do any of these things, hang up immediately and call your bank directly on the number on the back of your card. These four rules defeat the bank impersonation phone scam every single time.

If this article helped you understand the bank impersonation phone scam, please share it with everyone you know — particularly elderly family members and anyone who may be less familiar with how this fraud operates. A single conversation could protect someone you love from a devastating financial loss. For more scam alerts and consumer protection advice, visit Scammers Expose.

Related Articles

If you found this article helpful, you may also want to read these related scam awareness guides:

• Amazon Gift Card Scam: Warning Signs You Must Know
• Romance Scam on Facebook: How to Spot and Avoid It
• IDFC Scam: How It Works, Warning Signs, and How to Protect Yourself
• Phishing Scam Warning: Signs, Examples, and How to Stay Safe
• EE Points Scam: How It Works, Warning Signs, and How to Protect Yourself