KYC Update / Account Suspension Scam
Scammers impersonate banks, exchanges, or financial platforms and claim the victim must immediately update their KYC details or face account suspension — leading to credential theft or direct fraud.
Last reviewed: 11 June 2026
What this scam is
Know Your Customer (KYC) is a genuine regulatory requirement that asks financial institutions to verify the identity of their customers. Scammers exploit familiarity with this process by sending messages — by email, SMS, or phone — that appear to come from a legitimate bank, cryptocurrency exchange, or payment platform, claiming that the recipient must complete a KYC update or their account will be restricted or closed.
The fake KYC process leads to a phishing website that harvests login credentials, personal identity documents, and sometimes payment card details. In some variants, victims are persuaded to transfer funds to a new verified account as part of the supposed process, or are asked to provide a one-time passcode that the scammer uses to access the real account in real time.
The scam is effective because KYC requests are a routine and expected part of financial account management, making victims less likely to question the legitimacy of the communication.
How it works
The victim receives a message that closely mimics official communications from a financial institution — using the correct logo, colour scheme, and tone. The message states that a mandatory KYC review is underway and that failure to update details within a short window will result in account restriction.
A link leads to a convincing replica of the institution's login page. Credentials entered on this page are captured immediately by the fraudster. In some cases, the site then requests a photo of the victim's identity document and a selfie, completing a full identity theft package.
In a telephone variant, a caller claims to be a compliance officer and walks the victim through the update process over the phone, requesting sensitive details or a one-time passcode to complete the supposed verification. These details are used immediately to log in to the real account.
Why this scam works
KYC is a genuine regulatory process that customers are trained to expect, which means urgency messages about it trigger compliance rather than suspicion. Account suspension warnings create anxiety about loss of access to funds, which compresses the time available to verify the request independently.
The visual quality of modern phishing pages is high, and the sender details in emails can be spoofed to appear credible. Victims acting quickly under urgency are less likely to notice URL discrepancies or other technical warning signs.
Common red flags
- Unsolicited message claiming your account will be suspended unless you act within hours
- Link in the message leads to a URL that does not exactly match the institution's real domain
- Request for identity documents, passwords, or one-time passcodes via a link or phone call
- Message creates urgency but does not appear in the official app when you check independently
- Caller claims to be from a bank compliance team and asks for security details
- Email or SMS sender address does not exactly match the institution's official domain
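The two domain red flags above (link host and sender address not exactly matching the institution's domain) can be checked mechanically. The following Python sketch is an added example, not part of the original page; bank.example, the other domains, the sample message and all function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder allowlist; use your institution's published domains.
OFFICIAL_DOMAINS = {"bank.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Host the browser would really connect to (ignores any user@ prefix)."""
    try:
        host = urlsplit(url.rstrip(".,;)")).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def is_official(host):
    """Exact match, or a true subdomain, of an official domain."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def sender_domain(address):
    """Domain part of a From value such as 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip(" >").rstrip(".").lower()

def review_message(sender, body):
    """List every sender or link domain that fails the exact-match rule.

    Only mismatches are reported: sender details can be spoofed, so a
    matching sender domain does not prove the message is genuine.
    """
    findings = []
    dom = sender_domain(sender)
    if not is_official(dom):
        findings.append(("sender", dom))
    for url in URL_RE.findall(body):
        host = link_host(url)
        if not is_official(host):
            findings.append(("link", host))
    return findings

# Constructed sample: official name used as a subdomain prefix and as a
# user@ prefix, next to one genuine link.
SAMPLE_SENDER = "Compliance Team <kyc@bank.example.mail-verify.test>"
SAMPLE_BODY = ("IMPORTANT: mandatory KYC verification. Update now: "
               "https://bank.example.kyc-update.test/login or "
               "https://bank.example@verify-id.test/kyc. "
               "Help: https://www.bank.example/help")

if __name__ == "__main__":
    for kind, domain in review_message(SAMPLE_SENDER, SAMPLE_BODY):
        print(f"mismatch ({kind}): {domain}")
```

A clean result only means no domain mismatch was found; the independent check in the official app described below still applies.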
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
IMPORTANT: Your account requires mandatory KYC verification. Failure to update within 24 hours will result in temporary suspension. Update now: [fake link]
Your [bank] account has been flagged for identity verification. Click here to complete the process and restore full access: [fake link]
Hello, this is the compliance team at [institution]. We need to complete your annual KYC review. Please confirm your details and the verification code we just sent you.
ACCOUNT NOTICE: We detected an issue with your identity documents. Please submit updated verification at [fake link] to avoid service interruption.
Common variations
- Cryptocurrency exchange KYC requests leading to credential theft
- Bank account verification emails with phishing links
- PayPal or payment platform suspension notices
- Telephone-based KYC calls requesting one-time passcodes
- SMS verification requests that harvest identity document photos
How to verify before you act
Never click a link in an email or SMS claiming to require a KYC update. Open your financial institution's app or website directly by typing the known address in your browser. Log in and check whether any action is actually required on your account.
If the message came by phone, hang up and call the institution directly using the number on their official website or the back of your card. Your institution will never ask for a full password, PIN, or one-time passcode over the phone or via a link in a message.
Payment methods used
- Credential theft leading to account takeover
- Direct bank transfer to new account as part of fake verification
Who is usually targeted
- Customers of major banks and financial institutions
- Cryptocurrency exchange users
- PayPal and payment platform users
- People who recently opened or changed financial accounts
What to do immediately
- Do not click any link in the message — go directly to your institution's official website or app
- Change your password immediately if you entered it on a suspicious site
- Contact your financial institution directly using the number on their official website
- Report the phishing message to your institution's fraud team
- Report to your national phishing and fraud reporting service
- If credentials were compromised, request account review and monitor for unauthorised transactions
How to prevent it
- Never click links in emails or SMS messages that claim you must update financial details
- Access your financial accounts only through official apps or by typing the known URL directly
- Never share a one-time passcode over the phone — your bank will never ask for one
- Enable two-factor authentication on all financial accounts for additional protection
- Report suspected phishing messages to your financial institution and national reporting service
- Be especially cautious of urgency messaging about account suspension or closure
Evidence to preserve
- The original phishing email or SMS, including full headers
- Screenshots of any fake website visited
- The URL of any phishing page
- Any documents or information submitted before recognising the scam
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell a real KYC request from a fake one?
Real KYC requests appear in your account's secure notification centre when you log in directly — they do not arrive only via external links in emails or SMS. If the request only appears in a message and not in your actual account after logging in independently, treat it as fraudulent.
I entered my details on what turned out to be a phishing site — what should I do?
Contact your financial institution immediately. Change your password and enable two-factor authentication if not already active. If you submitted identity documents, consider placing a credit freeze or fraud alert with credit reference agencies to prevent identity-based fraud.
Is it safe to call back a number provided in the suspicious message?
No. Scammers often staff fake support lines at numbers provided in phishing messages. Always use the number on your card, the institution's official website, or the official app to contact them.