Red Flags in a Financial Institution Impersonation Scam 

One of the most common fraud schemes is the impersonation scam. Here’s how to tell if someone is impersonating your financial institution in an effort to access your accounts.

What is an impersonation scam?

In a financial institution impersonation scam, a fraudster will call, text, or email a victim posing as an employee of the financial institution. Often, the scammer makes it look like the message is coming from the financial institution’s legitimate number (known as spoofing) or email (phishing). The scammer may tell the victim that their accounts are compromised, ask about a fictitious charge on their credit or debit card, or come up with some other compelling story to get the victim’s attention.

Once the conversation starts, the scammer will start working questions into the discussion to get you to reveal sensitive information about your accounts. They will typically phrase the questions like they are trying to verify the victim’s identity. This might be asking for online or mobile banking information such as username, one-time passcodes, or security questions like the first street you lived on. They might also ask for detailed card information, including all 16 digits and the three-digit code on the back. With this information in hand, fraudsters can often gain access to the victim’s accounts and steal their money.

What are the red flags to look for in an impersonation scam?

Look out for the following red flags to protect yourself from this kind of impersonation scam.

1. They ask for your online and mobile banking credentials. Even if it is just a username or your dog’s name, the fraudster can use bits and pieces of information to break into your account.
2. They ask for card details, including full card number, expiration date, and CVV code. Never provide full card information.
3. They ask you to read a one-time passcode sent to your phone or email. Read the passcodes carefully, as the notification will tell you what the code is for. Often, this is a code to reset your online and mobile banking password or to access the online banking profile. These notifications will explicitly state, “We will never ask you for this information.”
4. They tell you that you cannot notify anyone else about the conversation. If you’re at all suspicious about a conversation, don’t hesitate to contact your financial institution directly or even talk to family or friends about the situation before taking action. Oftentimes an outside perspective can help you recognize the signs of a scam that might not have been clear in the middle of a scam artist pressuring you to act.
5. They tell you that you need to withdraw all the money in your account to protect it. Financial institutions are designed to help keep your accounts and funds secure, and wouldn’t instruct you to withdraw cash to keep it safe.

If you receive a call claiming to be from your financial institution and any of these red flags are identified, never give out your online and mobile banking credentials, the full details of your card, or the kind of one-time passcodes mentioned above.

If you are concerned about the call and want to make sure it’s legitimate, hang up and call your financial institution directly. They can help you review the call, determine if anything was compromised, and help you take steps to secure your accounts as needed.