Most people are aware they shouldn't send money to a stranger, which is why fraudsters often take a different tack: pretending to be a person or company you're familiar with. To stay vigilant and avoid becoming a victim, it helps to know exactly how these imposter scams work.
The scammers' goal is to get you to let your guard down, says Kenneth Conner, vice president of scam policy and communications at Citi. "They use believable scenarios when impersonating someone to make you feel more at ease doing something you shouldn't, like buying gift cards and providing the information on the cards to a third party or sending a deposit to 'yourself.'"
Some scammers have even been using artificial intelligence to mimic friends' or family members' voices, making it trickier to tell if the outreach is fake. (Online tools can turn an audio sample into a voice that can "say" what the scammers type.)
What's more, imposter scams are currently the number-one most reported type of scam, according to the Federal Trade Commission, and losses are mounting. People reported losing $2.6 billion to imposters in 2022, an increase from $2.4 billion the year before.
To help you protect your finances and avoid becoming a victim, here's what you need to know about three common imposter scams, including advice on how to steer clear of them.
How they work: A fraudster pretending to be a bank agent contacts you in one of the following ways.
1. Texts you from a spoofed number that appears to be a legitimate number for your bank, advising you of suspicious account activity. Once you reply, the scammer either calls you or provides a number for you to call.
2. Emails you from a spoofed email address by modifying the "display name" so it appears to be a legitimate name or address for your bank, advising you of suspicious account activity. Once you reply, the scammer either calls you or provides a number for you to call. (Alternately, the email may contain a link to a spoofed website with a fake chat feature run by the scammer.)
3. Calls you directly to advise of suspicious activity on your account.
Typically, while in contact with you, the scammer is also interacting with the bank, either through the mobile application or on the phone with a bank representative. The purpose is to either conduct a financial transaction on your account and have you authenticate it or to convince you to conduct the financial transaction under false pretenses.
The scammer might say your funds are at risk due to fraudulent activity, for example, and that they need you to move them to "protect" them, but what's really happening is you are transferring the funds to a third-party account they control. Some fraudsters will even ask you for the one-time password (OTP) just delivered to your phone or email; with that, they can change the password and provide you with the new one for the online banking session. Their goal is that, by showing you they have the ability to reset your password, they'll make you think the scam is legitimate.
What you can do: Be cautious. A real bank will never call, email, text or send direct messages on social media to demand money or information, and if they are calling you directly, they will also never require you to provide an OTP code. Never assume outreach like this is legitimate just because the name or number that comes up looks official; scammers can manipulate these. If you're asked to send payments or personal information, it's best to verify the request directly with the company through a confirmed communication channel — for example, the number or email address on the back of your credit or debit card, on the bank's official site or on your account statement.
How they work: These schemes entail a fraudster sending you a text or email that appears to be from a major company you've likely used or shopped from, like Amazon, PayPal or Microsoft. The note confirms your (fictitious) order and instructs you to contact customer care if you did not place it. Once you do this, you receive a message indicating a fraud agent from your bank will contact you shortly. You then receive a call from this "agent," who tells you someone is trying to make payments from your peer-to-peer payment account. They tell you the only way to resolve this is to send money back to your account to cancel the pending transaction. Meanwhile, the scammer is the one who will receive the money because they've linked their account to your credentials.
What you can do: If you receive an unexpected delivery notice, be suspicious. Don't click on the link or call back. The link could install malware that can pull personal information or take you to a spoofed website with a fake chat feature run by the scammer, and the number could lead to a fake operator asking for your credit card number or other account details, or instructing you to send funds. Instead, check the website for the number or email address of the delivery service or seller so you can sort this out directly.
How they work: A fraudster pretends to be a government agency staffer or law enforcement officer advising you of a past-due balance for a warrant, pending arrest or other police activity. By text, email or phone call, the "officer" instructs you to pay immediately via wire, peer-to-peer payment app or gift card to resolve the issue.
What you can do: Be wary of any correspondence that doesn't provide valid contact information or urges you to act immediately, and never click on unknown links because they could install malware or lead to a spoofed website with a scammer-run chat feature. Also keep in mind that government entities will never require a specific form of payment. You can check whether this notice is valid by using the phone number or email address listed on the agency's official website instead.
The content reflects the view of the authors of the article and does not necessarily reflect the views of Citi or its employees, and we do not guarantee the accuracy or completeness of the information presented in the article.