Scammers posing as your financial institution

Impersonation Scams: How Fraudsters Pose as Your Bank Through Phone, Text, and Ads

Impersonation scams are one of the most dangerous and rapidly evolving forms of social engineering and phishing. By pretending to be a trusted financial institution, fraudsters are able to manipulate individuals into sharing sensitive personal information, credentials, or even transferring money directly into the hands of criminals. These attacks leverage trust, urgency, and highly convincing deception across multiple platforms — phone calls, text messages, emails, and even online advertisements.

What Makes These Scams So Effective?  These scams work by blending social engineering with phishing tactics, targeting individuals at moments of vulnerability. Criminals spoof phone numbers, create lookalike websites, and mimic official communication styles to deceive consumers.

Common Impersonation Tactics

Phone-Based Scams (Vishing)

• Spoofed caller ID appears to be from a bank or credit union.
• Scammers claim suspicious activity and request credentials or OTPs.
• May instruct the victim to move funds to a “safe” account.

Text Message Scams (Smishing)

• Urgent texts claiming account issues or locked access.
• Links lead to fake login pages or phone numbers for fake support.
• Messages often mimic real alerts from banks or credit unions.

Ad-Based Phishing

• Malicious ads placed on search engines or social media.
• Redirect victims to fake banking websites or fraudulent support numbers.
• Designed to appear identical to legitimate bank or credit union ads and pages.

Key Warning Signs

• Urgent messages demanding immediate action.
• Caller ID or message looks real but feels suspicious.
• Unexpected requests for login credentials or OTPs.
• Ads or links leading to unfamiliar websites.

How to Protect Yourself

Spoofing and imposter scams are on the rise — and they’re becoming more convincing. Fraudsters pretend to be your bank or credit union, using phone calls, texts, emails, or even online ads to trick you into sharing personal or financial information. This checklist can help you spot the warning signs and take steps to protect yourself.

Spot the First Red Flag

• Unexpected Contact: Did someone call, text, or email you out of the blue claiming to be from your bank?
• Urgent Claims: Were you told there’s fraud on your account or that immediate action is needed?
• Strange Sources: Did the message come from a number or link you don’t usually associate with your bank?

Tip: Always go directly to your bank’s website or call the number on the back of your debit card. Never use a link or number from a suspicious message.

What Did They Ask You to Do?

• Did they ask you to share your online banking username, password, or a security code?
• Were you told to move your money to a “safe” account?
• Did they ask you to install an app or click a link?
• Did the person sound aggressive, overly friendly, or pressure you to act quickly?

Stay One Step Ahead

• Bookmark your bank or credit union’s official website.
• Never share a one-time passcode (OTP). Your bank will never ask for this by phone, text, or email.
• Watch for spoofed numbers. A call can appear to come from your bank’s official number — this is called caller ID spoofing.

Your Fraud Prevention Checklist

• [ ] I never share security codes or passwords over the phone or via text.
• [ ] I only respond to messages I was expecting from known, verified sources.
• [ ] I double-check any call, text, or email by contacting my bank directly.
• [ ] I report suspicious messages to my bank immediately.

Remember: Your bank or credit union is here to help — if something feels off, trust your instincts and call them directly.

Report and Recover

If you think you've fallen for a scam or shared information by mistake:

• Call your bank or credit union immediately to secure your accounts.
• Change your online banking passwords.
• Monitor your account for unusual activity.

Final Thoughts

Scammers who impersonate financial institutions are not just tech-savvy — they are master manipulators. By staying alert, verifying communications, and practicing safe browsing habits, individuals and institutions can defend against these threats.