Bank OTP / One-Time-Code Phone Call Scam Examples
This scam call impersonates your bank, claiming your account is under threat from fraud and asking you to read back a one-time passcode your real bank has just sent by text, supposedly to 'verify your identity' or 'cancel' a fraudulent transaction. In reality, sharing that code is what lets the scammer complete their own login or transaction on your account. The caller keeps you on the phone and distracted with urgent, technical language so you don't stop to think about why your bank would need a code you already received. Never share a one-time passcode with anyone, including your 'bank.'
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hi, this is the fraud team at [Bank Name]. We have detected suspicious activity on your account. For your security, we are sending you a verification code now — please read it back to confirm your identity.
This is [Bank Name] security. A large transaction has just been attempted. We need you to confirm the six-digit code we just sent you to block it.
Your online banking has been locked by our fraud system. I am sending a reset code to [your number ending in XX] — please give me that code so we can restore access.
We are trying to stop an unauthorised payment leaving your account right now. Read me the code on your screen and we can freeze it immediately.
What the scammer wants
To obtain the OTP your real bank has just sent so they can log into your account, approve a transfer, or change your credentials — while keeping you on the phone and distracted.
Red flags in the message
- Caller claims to be your bank but asks you to read back a code they 'sent'
- Urgent language: a fraud or large transaction happening 'right now'
- They already know partial details (last 4 digits, name) — used to seem legitimate
- Pressure to act before the code expires
- They discourage you from hanging up and calling your bank's official number
A safe response
End the call immediately. Your real bank will never ask you to read back a code over the phone. Call your bank on the number on the back of your card to check your account.
What not to send
- One-time passcodes (OTPs)
- Full card or account numbers
- Online banking passwords
What to do if you already replied
- Call your bank's fraud line immediately using the number on your card
- Ask them to freeze your account and reverse any transfers if possible
- Change your online banking password and PIN without delay
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
Why would my bank need me to read back a code they just sent me?
They wouldn't — a one-time passcode is meant to verify actions you initiate, not to be shared with someone on the phone, and legitimate banks explicitly tell customers never to share these codes with anyone, including bank staff. Any request for the code is the clearest sign of a scam.
I already read the code back — what should I do now?
Call your bank's fraud line immediately using the number on your card, freeze or lock the affected account if possible, and review recent transactions for anything unauthorized. Change your online banking password from a separate, trusted device as well.
How did they know enough about my account to sound convincing?
Scammers often already have some account details from a data breach, phishing attempt, or by socially engineering earlier calls, so sounding informed doesn't prove they're legitimate. The one-time code is the final piece they need, which is why they focus so heavily on getting you to share it.
Is it safe to just hang up and call my bank back?
Yes, and it's the right move — hang up, wait a moment if you used the same phone line, and call your bank using the number on your card or a past statement rather than any number the caller suggests.