The phone screen showed Chase’s real customer-service number. The voice on the other end said they were calling from the bank’s fraud department and that the account had been compromised. Everything about the call looked right. But it wasn’t Chase. According to a federal criminal complaint filed by the U.S. Attorney’s Office for the District of Columbia, the caller belonged to an organized fraud ring that spoofed JPMorgan Chase’s phone number to impersonate the bank’s fraud team. One victim, believing they were protecting their savings, wired $40,000 during that single call. The complaint alleges the victim was told their account had been accessed by an unauthorized party and that funds needed to be moved immediately to prevent further theft.
The complaint describes allegations, not a conviction. But the scheme it outlines is not an isolated trick. The FBI and FTC have issued public advisories warning about this tactic, and the Department of Justice has brought criminal charges against individuals accused of using commercially available spoofing technology to make their calls appear to come from a bank’s actual phone number. The losses are real, the prosecutions are active, and the number of victims almost certainly exceeds what any single case file captures.
How the scam works
Spoofing services, many sold openly online for a few dollars a month, let callers display any number they choose on a recipient’s caller ID. That includes the exact customer-service number printed on the back of a debit card. The Federal Trade Commission warns that scammers can make virtually any name or number appear on a phone’s display, whether it belongs to a bank, a government office, or a law-enforcement agency.
In the scheme described in the DOJ complaint, the fraud didn’t stop at impersonating Chase. After the initial “bank” call created a sense of urgency, the same ring escalated by putting victims on the line with someone posing as a federal law-enforcement officer. The fake agent told victims their funds were at risk and needed to be “secured” immediately by wiring money to a designated account. According to the complaint, the callers instructed the victim to send the wire to a specific bank account controlled by a member of the conspiracy. That two-stage approach was deliberate: a pressure sequence designed to keep victims from hanging up and verifying anything on their own.
The FBI’s public service announcement on account-takeover fraud confirms the broader pattern. The bureau says criminals are contacting victims by phone, text, and email, claiming to represent a bank’s support or fraud team, then pressuring targets to hand over login credentials, one-time passcodes, or to move money into accounts the criminals control. The FBI’s guidance is blunt: caller ID alone should never be treated as proof that a bank is calling.
Why caller ID can’t protect you anymore
Most people still treat caller ID as a basic security check. If the screen says “Chase” or shows the number on the back of the card, the instinct is to trust it. That instinct is now a liability.
The FCC has pushed carriers to implement a framework called STIR/SHAKEN, which authenticates caller ID information and flags calls where the number may have been spoofed. Major U.S. carriers have adopted the technology, and the FCC has said the framework is helping address certain categories of unwanted robocall traffic. But STIR/SHAKEN has limits. Calls that originate from smaller carriers, international networks, or certain Voice over Internet Protocol (VoIP) services may not carry authentication data. And organized fraud operations, which often route calls through overseas infrastructure, can sidestep the system entirely. The framework has made progress, but it has not eliminated spoofing.
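The following Python example is added here for illustration and is not from the article or any carrier's code. It shows where STIR/SHAKEN authentication data travels (a PASSporT token in the SIP Identity header, per RFC 8224/8225/8588) and how a receiving system can tell a call with no authentication data from one carrying full, partial or gateway attestation. The INVITE messages, hostnames and 555 numbers are constructed, and the code only decodes the claims; a real verification service must also validate the ES256 signature against the certificate referenced by `x5u`.

```python
import base64
import json
import re

LEVELS = {"A": "full", "B": "partial", "C": "gateway"}  # SHAKEN "attest" values

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def _encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_invite(attest=None, signed_tn="12025550100"):
    """Constructed INVITE; the PASSporT signature is a dummy, not a real ES256 value."""
    lines = ["INVITE sip:+12025550147@callee.example.invalid SIP/2.0",
             'From: "BANK" <sip:+12025550100@carrier.example.invalid>;tag=1']
    if attest:
        head = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
                "x5u": "https://cert.example.invalid/sti.pem"}
        body = {"attest": attest, "dest": {"tn": ["12025550147"]}, "iat": 1700000000,
                "orig": {"tn": signed_tn}, "origid": "00000000-0000-4000-8000-000000000000"}
        token = f"{_encode(head)}.{_encode(body)}.ZHVtbXk"
        lines.append(f"Identity: {token};info=<{head['x5u']}>;alg=ES256;ppt=shaken")
    return "\r\n".join(lines) + "\r\n\r\n"

def classify_invite(invite):
    """Return (verdict, detail) describing the caller-ID authentication on an INVITE."""
    found = re.search(r"^Identity:\s*([^;\s]+)", invite, re.M | re.I)
    if not found:
        return ("unauthenticated", "no Identity header; displayed number is unverified")
    try:
        head_b64, body_b64, _sig = found.group(1).split(".")
        header, claims = _decode(head_b64), _decode(body_b64)
    except ValueError:  # wrong segment count, bad base64, or bad JSON
        return ("malformed", "Identity header is not a parseable PASSporT")
    signed_tn = claims.get("orig", {}).get("tn")
    shown = re.search(r"^From:.*?sip:\+?(\d+)@", invite, re.M | re.I)
    if header.get("ppt") != "shaken" or claims.get("attest") not in LEVELS:
        return ("malformed", "not a SHAKEN PASSporT with a valid attest claim")
    if not shown or shown.group(1) != signed_tn:
        return ("mismatch", "From number differs from the signed orig.tn")
    return (LEVELS[claims["attest"]], f"attestation {claims['attest']} for {signed_tn}")

if __name__ == "__main__":
    for invite in (sample_invite(), sample_invite("A"), sample_invite("C"),
                   sample_invite("A", signed_tn="12025550199")):
        print(classify_invite(invite))
```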
Banks face a difficult position here. They do contact customers by phone for legitimate fraud alerts, which means consumers can’t simply ignore every call that appears to come from their institution. Some banks, including Chase, have begun directing customers to verify suspicious calls through their mobile apps or by calling back on a number they find independently. But no major U.S. bank has publicly disclosed how frequently its phone number is spoofed or how many customers report being targeted this way. That gap leaves consumers guessing about the true scale of the problem.
What federal data does and doesn’t show
The FBI’s Internet Crime Complaint Center (IC3) tracks account-takeover incidents, and the FTC publishes annual data on impersonation fraud. But neither agency breaks out losses tied specifically to bank-number spoofing as its own category. The tactic typically gets bundled into broader charges like wire fraud, conspiracy, or identity theft, which makes it difficult to measure the full scope with precision.
The DOJ complaint involving the $40,000 Chase loss is built on victim accounts provided under oath, giving it strong evidentiary weight. Still, it represents one prosecuted case, not a comprehensive count. As of June 2026, the complaint has not resulted in a conviction. The actual number of people who have picked up a spoofed call that appeared to come from their bank’s real number is almost certainly far larger than what any single filing reflects.
What to do if your “bank” calls you
Federal agencies are unified on the core advice: never trust an inbound call based on the number displayed, no matter how legitimate it looks. Here is what the FBI, FTC, and banking regulators recommend:
Hang up immediately. Do not press any buttons, confirm any information, or engage with the caller. If the call is legitimate, your bank will not penalize you for disconnecting.
Call back using a verified number. Flip your debit or credit card over and dial the number printed there, or log into your bank’s official app or website to find the correct contact number. Do not use any number the caller provides, and do not hit “redial” or “call back” on the incoming call.
Never share one-time passcodes. Banks send verification codes to confirm actions you initiate. A legitimate bank representative will never ask you to read a code back over the phone during an unsolicited call. If someone asks for a code, that is the scam revealing itself.
Do not transfer money on someone else’s instructions. No bank and no law-enforcement agency will ever ask you to wire funds, buy gift cards, or move money to a “safe” account during a phone call. That request, on its own, is proof of fraud.
Report the call. If you suspect you’ve been targeted, contact your bank directly through verified channels, file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov, and report the number to the FTC at reportfraud.ftc.gov.
If you already sent money
Speed matters more than anything else. Contact your bank immediately through verified channels and explain what happened. If you wired funds, ask the bank to initiate a recall on the wire transfer. Realistically, the chances of recovering wired money drop sharply within the first 24 to 48 hours, and many recalls fail entirely once funds have been moved to a second account. File a report with the FBI’s IC3 and your local police department. If the scammer gained access to your online banking credentials, change your passwords and enable multi-factor authentication from a separate, trusted device. Request a credit freeze from all three major bureaus (Equifax, Experian, and TransUnion) if you shared any personal information during the call.
Why hanging up is now the strongest move you can make
The cases already on file make the lesson plain: the number on your screen is no longer reliable evidence of who is calling. Spoofing tools are cheap, widely available, and effective enough to fool anyone who relies on caller ID as a first line of defense. The only way to confirm your bank is actually reaching out is to end the conversation yourself and start a new one on your own terms. That five-second decision to hang up is, right now, the single most effective thing you can do to protect your money.



