Scam script · Email

Fake 'Your Account Is Locked' Bank Email Script

Phishing emails impersonating banks claim your account has been locked due to suspicious activity and direct you to a fake login page to steal your credentials.

Last reviewed: 1 June 2026

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

[Bank]: Your account has been temporarily locked for security. Verify your identity to restore access: [fake link]

Unusual activity detected on your [bank] account ending [number]. Confirm it was you: [fake link]

Action required: your online banking access has been suspended. To unlock, verify your details within 24h or your account will be closed: [fake link]

Security alert: a new device attempted to log in. If this wasn't you, secure your account now: [fake link]

What the scammer wants

To make you log in through a fake page that captures your username, password, and possibly a one-time code — giving the scammer full access to your account to drain funds or add new payees.

Red flags in the message

Urgency about an account being locked or suspended
Login link that leads to a domain other than the bank's official website
Threat of permanent account closure if you do not act quickly
Email sender address does not match the bank's real domain
Fake login page may look convincing but the URL is wrong
Page asks for password and then immediately requests a one-time code
No phone number to call the bank directly for verification

A safe response

Do not click the link. Open a new browser tab and type your bank's real web address yourself, or call the number on your card to check your account status. Your bank will never ask you to verify by following an email link.

What not to send

Login credentials on any page reached by an email link
One-time codes to any page reached by an email link
Card details on an unverified site

What to do if you already replied

Change your online banking password immediately from a secure device
Call your bank on the official number to report the phishing and check for unauthorised activity
Enable strong two-factor authentication if not already active
Check recent transactions and new payees on your real account
Report the phishing email to your bank and national cybercrime authority

Evidence to preserve

Screenshot the full message or call details
Note the sender number, email, or profile
Save any links (without clicking) and payment details
Record dates and times

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

[Bank]: Your account has been temporarily locked for security. Verify your identity to restore access: [fake link]

Unusual activity detected on your [bank] account ending [number]. Confirm it was you: [fake link]

Action required: your online banking access has been suspended. To unlock, verify your details within 24h or your account will be closed: [fake link]

Security alert: a new device attempted to log in. If this wasn't you, secure your account now: [fake link]

Red flags in the message

Urgency about an account being locked or suspended

Threat of permanent account closure if you do not act quickly

Email sender address does not match the bank's real domain

Fake login page may look convincing but the URL is wrong

Page asks for password and then immediately requests a one-time code

No phone number to call the bank directly for verification

What to do if you already replied

Change your online banking password immediately from a secure device

Call your bank on the official number to report the phishing and check for unauthorised activity

Enable strong two-factor authentication if not already active

Check recent transactions and new payees on your real account

Report the phishing email to your bank and national cybercrime authority