That $847.93 Fraud Alert Wants You to Panic and Call Back

Your phone buzzes. "ALERT: A suspicious transaction of $847.93 was detected on your account. If you did not authorize this, reply YES or call 1-800-XXX-XXXX immediately." You didn't make that charge. You panic.

That's exactly what they want. Fake bank alerts are one of the most effective scams running today. They hijack the very system designed to protect you — your bank's own fraud notifications. When you think your money is at risk, you act fast and skip the steps that would expose the scam.

Chase, Bank of America, Wells Fargo, Citi, and local credit unions get impersonated most often in complaint data we track. Scammers pick these because they have the most customers. One of those names likely matches your actual bank. The alerts look professional. "Suspicious transaction of $847.93 at WALMART. Reply YES if authorized, NO if not." Or "Your debit card has been locked due to unusual activity. Verify your identity here." The amounts are specific enough to seem real. That's deliberate.

If you reply to the text, you confirm your number is active and connected to someone who has a bank account. You'll get a call from a "fraud specialist" within minutes. If you call the number, you reach a professional-sounding call center. The "agent" already knows which bank they're impersonating because they sent the message.

They ask you to "verify your identity" with your account number, card number, SSN, or PIN. Then they send you a real verification code from your bank and ask you to read it back. They walk you through "securing" your account, which actually means authorizing transfers to accounts they control.

The verification code trick is the most dangerous variant. The scammer enters your username and password on your bank's real website. Your bank sends you a two-factor authentication code. The scammer asks you to read it to them "for verification." You just handed them the keys to bypass your bank's security. No legitimate bank employee will ever ask you to share a verification code over the phone.

Real fraud texts come from short codes, those 5 or 6 digit numbers, not regular phone numbers. They reference the last 4 digits of your card. Scam texts usually don't because they don't know your card number. Real alerts ask you to reply YES or NO only, never to click a link or call a phone number. Real emails come from the bank's actual domain. Check the sender address, not just the display name. They link to the bank's real website. Hover over links before clicking to verify the destination. They never ask you to reply with personal information.

Your bank may call you about suspicious activity, but they will never ask for your PIN, full card number, or a verification code they just sent you. When in doubt, hang up and call the number on the back of your card.

Several patterns expose fake bank alerts immediately. The alert came from a 10-digit phone number instead of a short code. It asks you to click a link rather than reply with a word. The caller asks for your PIN or verification code when your bank already has your information and doesn't need you to "verify" it over the phone.

They want you to move money to a "safe account." Banks never instruct you to wire money or buy gift cards to protect your funds. There is no such thing as a "safe account" that a bank employee sets up for you over the phone. They create extreme urgency. "If you don't act in the next 15 minutes, your account will be permanently closed." Real banks don't operate on 15-minute deadlines for routine fraud prevention.

Don't reply, click links, or call any number in the message if you get a suspicious alert. Open your bank's official app or website directly and check your account activity. If you want to speak to your bank, call the number on the back of your debit or credit card. Search the phone number or domain in databases like ours to see if it's been reported as fraudulent.

If you already gave information to the scammer, act fast. Share your card number or PIN and you need to call your bank immediately using the number on the back of your card. Freeze or cancel the card. Share login credentials and you need to log into your bank account from a trusted device and change your password. Enable two-factor authentication if you haven't already.

If you shared a verification code, call your bank immediately. The scammer may be in your account right now. Ask the bank to review recent transactions and lock the account if needed. If you shared your SSN, freeze your credit at Equifax, Experian, and TransUnion. File a report at IdentityTheft.gov.

Bank alerts are one of the few types of messages people are trained to respond to immediately. Banks and security experts have spent years telling customers to respond to fraud alerts right away. Scammers exploit this conditioning perfectly. The scam also benefits from volume. A scammer sending fake Chase alerts to a million phone numbers will reach hundreds of thousands of actual Chase customers. A percentage of them will be expecting fraud because they recently used their card somewhere unfamiliar.

Report these scams to the FTC at ReportFraud.ftc.gov. Forward scam texts and emails to your bank's fraud department. Chase customers can forward texts to 72166. Bank of America customers can email abuse@bankofamerica.com. Report robocalls and robotexts to the FCC at fcc.gov/consumers/guides/report-unwanted-calls. Forward scam texts to 7726 (SPAM) to report them to your carrier.