How to recognize suspicious account activity Page Article Fraud moves fast. The sooner you spot unusual activity, the easier it is to stop losses and secure your accounts. Use the signs and steps below to identify suspicious behavior and take action right away. What Counts as “Suspicious”? Activity you don’t recognize (payments, transfers, card charges). Security changes you didn’t make (password, email, phone, alerts). New devices, locations, or IPs you don’t recognize logging in. Requests for one-time passcodes (OTP) you didn’t initiate. New payees, payment apps, or limits added without your knowledge. Transaction Red Flags Small “test” charges that appear before larger charges. Unusual merchant types or locations you’ve never used. Rapid, repeated, or round-number transfers (e.g., multiple $500 Zelle sends). ATM withdrawals or cash advances you didn’t make. Refunds to unknown cards/wallets or split transactions. Account & Profile Change Red Flags Password, email, or phone number changed without you. Two-factor/MFA turned off or delivery method changed. New authorized users or payees added. Transfer limits or daily spending limits increased. Security questions, alerts, or statements turned off. Login & Device Red Flags Login from an unknown device, browser, or location. “Unsuccessful login attempts” you didn’t make. OTP or password reset emails/texts when you didn’t try to sign in. New device “trusted” or “registered” without your approval. Messaging Red Flags (Social Engineering) Texts/calls/emails claiming “urgent fraud” that pressure you to act now. Requests for your OTP, PIN, or full password (legitimate institutions don’t ask). Links to sign in or update info on unfamiliar domains. Caller ID that appears to be your bank (caller ID can be spoofed). How to Double-Check Before You Panic Verify if a family member made the transaction (shared cards, family accounts). Check pending vs. posted—some pending items drop off. Look up the merchant name (descriptors can be cryptic). Open your official banking app or type your bank’s URL—don’t click links in messages. What to Do Immediately if Something Looks Wrong Secure access: Change your bank password and email password; turn on or re-enable MFA. Freeze the threat: Lock your card or pause transfers (if your app supports it). Report it fast: Contact your bank using the number on the back of your card or the official website/app. Review and reverse: Dispute unauthorized charges; remove unknown payees or devices. Document everything: Save messages, screenshots, dates, amounts, and case numbers. Set Up Protections (So Issues Surface Quickly) Turn on alerts: Large purchase, foreign transaction, new payee, login from new device, password change. Use MFA everywhere: Prefer app-based or hardware keys to SMS when available. Keep contact info current: Email and mobile number for alerts/recovery. Limit permissions: Review and remove unused connected apps and third-party access. Credit monitoring: Consider a credit freeze and periodic credit report checks. Special Cases to Watch Closely Zelle/Instant Transfers: New payees, high-value sends, or multiple rapid sends—verify directly with the recipient. ACH Changes: New recurring debits from unknown companies; micro-deposits you didn’t request. Card-Not-Present (Online): Purchases at merchants you don’t use, digital wallet tokenizations you didn’t initiate. ATM: Withdrawals at unfamiliar ATMs or locations; failed PIN attempts. Don’t Share One-Time Codes—Ever If you get an unexpected call or text asking you to read back a one-time passcode, hang up. That code allows takeover of your account. Your bank will not ask you to share one-time codes over the phone, via text, or email. After You Report Confirm you have a case number and know next steps. Watch for follow-up attempts by scammers pretending to “help with your case.” Change passwords for other accounts that reuse the same or similar passwords. Consider a device malware scan if you clicked suspicious links or installed remote-access software. Quick Self-Check (Print or Save) I review my account activity weekly (or daily in app). I have alerts for large purchases, new payees, and sign-ins. MFA is enabled on banking and email. My contact info is up to date. I removed connected apps I no longer use.