Real Bank Alert vs Account Takeover Impersonation Message
How to tell a genuine bank security alert from a fake message designed to trick you into handing over your credentials or authorising a payment.
Last reviewed: 1 June 2026
Banks do send fraud alerts — but fraudsters send near-identical fake messages at scale. The goal of a fake alert is to panic you into acting fast: clicking a link, calling a spoofed number, or approving a 'reverse' payment that actually sends money to the attacker.
Side-by-side comparison
| Genuine bank security alert | Account-takeover impersonation message | |
|---|---|---|
| Content of alert | Names a specific transaction, merchant, or amount that corresponds to something in your account history | References a vague 'suspicious payment' with no specific merchant, amount, or transaction ID |
| Action requested | Asks you to confirm or decline via your banking app or by calling the number on the back of your card | Asks you to click a link, call a specific number in the message, or approve a 'reversal payment' |
| One-time passcode use | OTP is sent only for actions you initiated in your banking app — never requested by your bank over the phone | Caller asks you to read out an OTP 'to verify your identity' or 'to cancel the fraudulent payment' |
| Reverse payment request | Banks never ask you to transfer money to a 'safe account' to protect it from fraud | Instructs you to move funds to a 'secure holding account' they control while they 'investigate' |
| Caller ID | Bank may call from its published number but will never object to you hanging up and calling back | Spoofs the bank number; insists you must not hang up or the fraud window will expire |
| Personal detail handling | Partial verification only — never your full password, PIN, or card number | Asks for full card number, PIN, memorable word, or internet banking password to 'verify you' |
Common red flags
- Asked to move money to a 'safe account'
- Caller insists you must not hang up
- Asked to read out an OTP the bank is sending
- Alert references a transaction with no specific details
- Caller asks for your full PIN or internet banking password
Verification steps
- Hang up and call the number on the back of your debit or credit card
- Never read an OTP to anyone who called you — your bank will never ask for this
- Check your banking app directly for any real transaction alerts
- Tell a trusted person if you receive an unexpected urgent bank call before taking any action
What not to do
- Do not move money to any account because a caller instructed you to
- Do not read out an OTP or one-time passcode to an incoming caller
- Do not provide your full PIN, password, or card number to anyone who called you
A safe response
Hang up and call your bank using the number printed on your card. A genuine fraud case will still be there when you call back — there is no legitimate reason to stay on a suspicious call.
Frequently asked questions
Can scammers really fake my bank phone number?
Yes — telephone number spoofing is straightforward and cheap. Seeing your bank number on caller ID does not confirm the caller is your bank. Always hang up and call back on the number from your card.
What is a safe account scam?
A variation of bank impersonation where the caller tells you your account is compromised and instructs you to move funds to a 'safe account' they control. Banks never ask customers to do this.