Imagine this...
Your phone rings. The caller ID displays your bank's name. You answer.
"This is Sarah from your bank's Fraud Department. We just stopped a suspicious purchase on your debit card at an electronics store in another state. Did you make this purchase?"
Your heart immediately begins to race.
"No! Absolutely not."
"Don't worry," the caller says calmly. "We're going to stop the fraud before any money leaves your account. I just need to verify your identity."
Everything about the call feels legitimate. The caller knows your name, the last four digits of your debit card, and even which bank you use. The caller ID appears to confirm it's really your bank.
Then comes the request. "I'm sending you a six-digit verification code. Please read it back to me so I can cancel the transaction."
Seconds later, a text message arrives.
Your one-time verification code is 483921. Never share this code with anyone. Bank employees will never ask for it.
But you're not reading the warning. You're focused on protecting your money, so you read the code aloud. Within minutes, the scammer logs in to your online banking account, changes your password, and transfers thousands of dollars from your account.
The "fraud department" wasn't protecting you. They are the fraudster.
What Really Happened?
This scam didn't succeed because the criminal hacked your bank — it succeeded because they convinced you to help them. By creating a sense of urgency and sounding calm, professional, and reassuring, the caller gained your trust. They already knew enough personal information to make the call feel legitimate.
Then they asked for the one thing standing between them and your account: your one-time verification code. That six-digit code wasn't verifying your identity — it was authorizing the scammer's login attempt. Once you shared it, you unknowingly gave the fraudster the access they needed.
How to Tell the Difference
If you receive a call about suspicious activity, how can you tell whether you're speaking with your bank or a scammer? Watch for these key differences.
| Real Bank Fraud Team | Fraudster Pretending to Be the Bank |
|---|---|
| Asks if you recognize a specific transaction or activity. | Claims your account is compromised and pressures you to act immediately. |
| Uses information they already have to verify your identity. | Asks you to provide information only you should know. |
| May lock or restrict your card for protection. | Tells you to move money to a "safe account." |
| Encourages you to call the bank using the number on the back of your card if you're unsure. | Tells you not to hang up or call anyone else. |
| Never asks for passwords, PINs, or one-time verification codes. | Tries to trick you into sharing passwords, PINs, or one-time verification codes. |
4 Ways to Protect Yourself
These scams are designed to create urgency and pressure people into acting quickly. The good news is that you don't have to be a fraud expert to protect yourself. Here are four ways to reduce your risk:
- Never share a one-time passcode (OTP), verification code, or authentication code with anyone.
- Hang up and call your bank directly using the number on the back of your debit card or from the bank's official website if something doesn't feel right.
- Enable transaction alerts and multifactor authentication (MFA) to add another layer of security.
- Review your accounts regularly for unfamiliar transactions, password reset notifications, or changes to your contact information.
Want to learn more? Explore our fraud prevention resources to learn how to recognize phishing emails, urgent travel scams, digital wallet fraud, and other common scams.
Think You’ve Been Targeted? Act Fast.
If you believe you've shared information with a scammer or notice suspicious activity on your account:
- Contact your bank immediately.
- Change your online banking and email passwords.
- Lock or replace compromised cards or accounts if necessary.
- Document phone numbers, messages, dates, and transaction details.
- Report the incident to:
The faster you act, the better your chances of limiting financial loss and preventing additional fraud.
One Last Thing to Remember
Fraudsters don't need to hack your bank — they need to convince you to open the door.
If anyone claiming to be from your bank asks for information that should only be known to you, stop the conversation immediately.
“These scams are designed to give fraudsters access to your account, so it's important to contact your bank right away if something doesn't feel right,” says Barb Nesler, BSA & Fraud Officer at First Mid Bank & Trust. “If you're ever asked for a password, PIN, or a one-time verification code that was sent only to you, hang up and call your bank directly using a trusted phone number. When in doubt, verify before you trust.”
Just remember: Your bank will never ask you to share sensitive security information that's meant only for you.


