Bank customers across the United States lost a combined $12.5 billion to fraud in 2024, and one of the fastest-growing tactics behind those losses is deceptively simple: a phone call or text that appears to come from a trusted bank. Federal regulators and law enforcement are now pressing the same countermeasure on every account holder. If someone contacts you claiming to represent your bank, hang up immediately and call the number printed on the back of your debit or credit card.
Spoofed bank calls are draining accounts at record speed
The threat has grown sharply because caller-ID spoofing technology lets criminals display a bank’s real phone number on a victim’s screen. The FBI’s Internet Crime Complaint Center issued a public alert describing one common scheme in detail: fraudsters pose as bank employees, instruct customers to withdraw funds or surrender a debit card to a courier, then use the card’s intact chip and PIN to drain the account. Victims comply because the incoming number matches the one they associate with their bank.
Text-based variants are equally damaging. Bank-impersonation fraud warning texts ranked as the most common text scam type reported in 2022, according to the FTC’s Data Spotlight analysis, which also found the median loss per victim was $3,000. The same report documented that bank-impersonation texts increased nearly twentyfold since 2019, a pace that has outstripped most other fraud categories. Total reported fraud losses reached $12.5 billion in 2024, according to a separate FTC disclosure, reflecting the broader scale of the problem.
One supervised financial institution alone reported $5 million in losses tied to call spoofing, according to the FDIC Office of Inspector General. That figure from a single bank illustrates how quickly spoofed-number fraud compounds when customers trust what their phone screen tells them. Once criminals convince a victim to share one-time passcodes, move money into “safe” accounts, or hand over a physical card, they can empty balances in minutes.
Federal agencies agree on one defensive step
Three separate federal bodies have converged on the same advice: verify by calling a number you already trust, not one a caller or text provides. The FDIC’s consumer guidance published in June 2025 tells customers to contact their bank directly using a familiar number, such as the one on the back of a debit or credit card, and never a number supplied by an unknown contact. The FDIC OIG reinforces the point with a specific warning: do not redial the number that just called, because spoofed numbers can route right back to the scammer.
This “hang up and call back” rule applies even when the caller seems to know your personal details. Criminals often start with stolen data, including partial account numbers or addresses, to sound legitimate. Federal investigators stress that no genuine bank representative will pressure you to keep a call secret, rush you into moving funds, or send a courier to collect your card. Any of those elements should be treated as a red flag and a cue to end the conversation immediately.
Practical steps for consumers and small businesses
For individual customers, the safest practice is to treat every unexpected contact about your account as suspicious, regardless of what caller ID shows. If you receive a call, text, or email claiming there is fraud on your account, do not click links, tap callback buttons, or share one-time passcodes. Instead, initiate a fresh call using the number on your card, a recent bank statement, or the official website you type in yourself. If the alert is real, the bank’s fraud team will see it on your profile and can help from there.
Small businesses face the same spoofing risks, but with higher potential losses. Owners should train employees never to act on payment or wire-transfer instructions received solely by phone or text. Any request to change payment details, redirect payroll, or disclose online banking credentials should be verified through a second channel, such as a separate call to a known contact or an in-person confirmation. Documenting this process in a simple written policy can reduce the chance that a rushed staff member will be persuaded by a convincing voice on the line.
Consumers and businesses should also make use of existing security tools. Enabling account alerts for large transactions, new payees, or profile changes can help spot fraudulent activity quickly. If you suspect you have already engaged with a spoofed caller, contact your bank using a trusted number right away, ask to secure or replace affected cards, and review recent transactions. Reporting the incident to law enforcement and relevant regulators can support broader efforts to track and disrupt these schemes.
The core message from regulators is straightforward: your phone screen cannot be trusted to prove who is really calling. By refusing to rely on caller ID and instead using only contact information you already know and control, you dramatically cut the odds that a convincing impostor can turn a few minutes on the phone into a drained account.
Warren Cohen is a finance writer based in Phoenix, Arizona, covering personal finance topics including credit, banking, and beginner investing. He earned his degree in business administration from Arizona State University and began his career working in consumer finance, where he gained direct experience with lending and credit systems. He now writes for personal finance websites and fintech platforms, focusing on clear, practical content that helps readers make informed financial decisions.
