Fake Revolut OTP Interception Scam
Fraudsters impersonating Revolut call or text victims to claim there is suspicious activity on their account, then talk them into revealing the one-time passcode Revolut just sent — allowing attackers to authorise transfers or log in to the victim's account.
Part of: Fake Two-Factor Authentication Scams
Last reviewed: 7 June 2026
Revolut's security model relies heavily on in-app biometric authentication and one-time passcodes (OTPs) delivered by SMS or in-app notification. Criminals who want to take over a Revolut account therefore focus on obtaining these short-lived codes, since they cannot easily bypass the underlying authentication without them. Social-engineering attacks that convince users to hand over OTPs have become a primary attack method against Revolut customers.
The typical scenario begins with a text or automated call that mimics Revolut's fraud-alert tone, warning that an unusual login or large transaction has been detected. The message instructs the victim to call a specific number or to reply with a code to 'block the suspicious activity'. That number connects to a fraudster who sounds professional and knowledgeable, having researched the victim's name and account details from data breaches or social media.
As the fraudster talks the victim through 'securing' the account, Revolut's genuine system sends an OTP to the victim's phone. The fraudster asks the victim to read it aloud to 'confirm their identity'. That code is immediately used to authorise a transfer or complete a device-pairing request, emptying the victim's Revolut balance.
How this scam works on the Revolut brand
Revolut's genuine security communications arrive through the official Revolut app as push notifications or in-app messages, and — for some alerts — as SMS from a recognised Revolut sender name. Revolut's own support is delivered exclusively through in-app chat; the company does not make outbound support calls to customers proactively.
The fake call creates pressure by claiming that the victim must act in the next few minutes or the 'fraudulent transaction' will complete. This urgency prevents the victim from pausing to verify through the app. The caller may already know the victim's Revolut balance, name, and registered email — details sourced from credential dumps — which lends false credibility to the claim that they are a Revolut representative.
Revolut's app displays a warning when an OTP is generated: 'Never share this code with anyone, not even Revolut staff.' That exact message reflects the company's awareness of this attack pattern. Handing the code to the caller bypasses all of Revolut's technical security.
Common red flags
- An unexpected call or SMS claiming to be from Revolut about suspicious activity on your account
- The caller asks you to read aloud an OTP, PIN, or verification code that just arrived on your phone
- You are told to act within minutes or a transaction will complete — creating artificial urgency
- The 'support agent' contacted you — Revolut does not make outbound support calls
- Caller references balance figures or personal details to seem credible, then asks for a code
- You are directed to a phone number not listed in the Revolut app or on revolut.com
- Any request to temporarily transfer funds to a 'Revolut security wallet'
How to protect yourself
- Open the Revolut app and use in-app chat to contact support — never call a number given in a text or email
- Never share an OTP with anyone, even a caller claiming to be from Revolut — the in-app warning says exactly this
- Enable the Revolut 'Wealth Protection' or 'Security Lock' feature that requires biometric confirmation for large transfers
- Set a spending limit for instant transfers in Revolut settings to limit potential losses
- If you receive a suspicious call, hang up and verify directly through the app before taking any action
- Review your Revolut linked devices regularly and remove any you do not recognise
- Report suspected fraud immediately through in-app chat so Revolut can flag your account
How to report it
- Report through Revolut in-app chat: tap your profile > Help > Chat with us
- If a transaction occurred, use 'Report an issue' against the specific transaction in the app
- In the UK, report to Action Fraud at actionfraud.police.uk or call 0300 123 2040
- In the EU, contact your national financial conduct authority
- File a report with the FTC (US) at reportfraud.ftc.gov if you are a US-based user
Frequently asked questions
Does Revolut ever call customers to alert them about fraud?
Revolut does not make proactive outbound support calls. All genuine communication from Revolut happens through the app's notification system and in-app chat. A call claiming to be from Revolut is a scam.
What does Revolut do after I report an OTP-interception scam?
Revolut will freeze your account, investigate the unauthorised transactions, and may escalate to a fraud specialist. Report as quickly as possible — if a transfer is recent, there may be a short window to attempt a recall.
Why do scammers know my Revolut balance?
Fraudsters often source personal and financial details from data breaches on other platforms where you reused an email and password. The balance information may also be inferred or guessed. Knowing your name and email does not mean the caller is from Revolut.