Scam script · SMS / text

Fake Bank OTP Request Text Script

Texts or calls claim there is suspicious activity on your account and ask you to read back a one-time code to 'verify' your identity — which actually authorises a transaction.

Last reviewed: 1 June 2026

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

[Bank]: Suspicious login detected. Reply with your one-time code to cancel: [code will arrive by text].

We've sent you a 6-digit code to confirm it's you. Please reply with the code to stop the transaction.

Hi, this is [bank] fraud team. A [amount] payment is pending. Read me the code just sent to block it.

Your code is for verification only — sharing it will not give anyone access to your account.

What the scammer wants

To obtain the OTP that your real bank sent — which the scammer is simultaneously using to authorise a transaction, log in to your account, or add a new payee. The code hands them full control of that action.

Red flags in the message

Anyone asking you to share a code your bank just sent you
Reassurance that 'the code is just to verify you, not to give access'
Urgency — share the code in the next 60 seconds
Incoming call or text immediately after a code arrives
Caller ID matches your bank (easily spoofed)
No way to call back and verify through the bank's published number

A safe response

Never share a one-time code with anyone who asks for it, even if they say they are from your bank. Your bank will never ask you to read back a code it sent. Hang up and call your bank on its official number.

What not to send

One-time codes or PINs
Passwords or memorable phrases
Card details

What to do if you already replied

Call your bank immediately on the official number — a transaction may have been authorised
Change your online banking password and PIN
Check your account for new payees, pending payments, or setting changes
Report the incident to your bank's fraud team
Consider placing a short-term freeze on your account while you investigate

Evidence to preserve

Screenshot the full message or call details
Note the sender number, email, or profile
Save any links (without clicking) and payment details
Record dates and times

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

[Bank]: Suspicious login detected. Reply with your one-time code to cancel: [code will arrive by text].

We've sent you a 6-digit code to confirm it's you. Please reply with the code to stop the transaction.

Hi, this is [bank] fraud team. A [amount] payment is pending. Read me the code just sent to block it.

Your code is for verification only — sharing it will not give anyone access to your account.

Red flags in the message

Anyone asking you to share a code your bank just sent you

Reassurance that 'the code is just to verify you, not to give access'

Urgency — share the code in the next 60 seconds

Incoming call or text immediately after a code arrives

Caller ID matches your bank (easily spoofed)

No way to call back and verify through the bank's published number

What to do if you already replied

Call your bank immediately on the official number — a transaction may have been authorised

Change your online banking password and PIN

Check your account for new payees, pending payments, or setting changes

Report the incident to your bank's fraud team

Consider placing a short-term freeze on your account while you investigate