Bank impersonation scams are consistently the highest-value fraud category worldwide. Criminals impersonate banks with extraordinary sophistication — using your bank's real logos, official-looking phone numbers, and detailed knowledge of banking products to make their approach seem completely legitimate. Here's exactly how these scams work and how to protect yourself.
How bank impersonation scams work
Phase 1 — Initial contact
The scam begins with either a phone call, SMS, or email appearing to come from your bank. The message typically alerts you to suspicious activity on your account — a large transfer you didn't authorise, a login from a new device, or a compromised card.
Phase 2 — Building trust
The scammer demonstrates knowledge that makes them seem legitimate. They may know your full name, the last four digits of your card, your recent transactions, or your home address. This information comes from data breaches, dark web purchases, or social media research.
Phase 3 — Creating urgency
You're told your account is at risk and immediate action is required. The scammer presents themselves as trying to help you — but you must act right now before the fraudsters (ironically, the actual scammer) steal your money.
Phase 4 — The extraction
You're asked to verify your identity by providing your OTP, transfer your money to a "safe account", download a remote access app, or confirm your full card details. Each of these actions results in your money or account access being handed directly to the criminal.
Common bank impersonation scripts
The OTP scam
"This is the fraud department of [Bank]. We've detected an attempted transfer of $4,500 from your account. To block it, please confirm your identity with the OTP we just sent you."
The scammer has initiated a real transfer and needs your OTP to complete it. They've reversed the story — telling you the OTP will stop the fraud when it will actually complete it.
The safe account scam
"Your account has been compromised by an insider at the bank. For your protection, we need you to transfer your savings to a temporary safe account we've set up for you. This is completely secure and you can transfer back once the investigation is complete."
Banks do not have "safe accounts." Any instruction to transfer your money anywhere is fraud.
The remote access scam
"To investigate the suspicious activity, our security team needs to access your device briefly. Please download TeamViewer / AnyDesk so we can run a security check."
This gives the scammer direct control of your device and everything on it — including your banking apps.
Targeted banks worldwide
Bank impersonation scams target institutions in every country. Most commonly impersonated include DBS, OCBC, UOB (Singapore), Barclays, HSBC, Lloyds, NatWest (UK), Chase, Bank of America, Wells Fargo (USA), CommBank, ANZ, NAB (Australia), HDFC, SBI, ICICI (India), and Maybank, CIMB (Malaysia).
What your bank will never do
Understanding genuine bank behaviour makes impersonation obvious:
- Your bank will never ask for your full password, PIN, or OTP over the phone or by message
- Your bank will never ask you to transfer money to a "safe account"
- Your bank will never ask you to download software or give remote access to your device
- Your bank will never send someone to your home to collect your card or cash
- Your bank will never ask you to keep a security investigation secret from family members
How to respond to a suspicious bank contact
- Do not provide any information — hang up or don't reply
- Do not use any number they give you to call back
- Call your bank directly using the number on the back of your card or on the bank's official website
- Report the contact to your bank's fraud team so they can alert other customers
If you've already provided information, call your bank's fraud line immediately. The faster you act, the better your chances of recovering lost funds.