FraudScope // Threat Library // Fake bank alert

Scam type // Bank security

Fake bank security alerts

A text or call claims your bank spotted a suspicious charge and needs you to confirm, click a link, or read back a verification code. The fear of losing your money is exactly what the scammer is counting on. Here is how to tell a real alert from a fake one.

Explore FraudScope Download on App Store

On-device iPhone · iOS 18+ Available now

What it is

Fear dressed up as security

A fake bank alert impersonates your bank’s fraud team. The message says there is an unauthorized charge or a login from a new device, and it asks you to act immediately to "protect" your account.

The irony is the message itself is the attack. Whether you click the link, call the number, or read back a code, you are handing the scammer exactly what they need to drain your account.

The playbook

How the scam works

Trigger alarm

A large or unfamiliar charge, or a "login attempt," makes you panic about your money.

Offer a quick fix

Click here to cancel, or call this number to verify. Both routes lead to the scammer.

Harvest credentials

A lookalike login page captures your username and password, or a "rep" asks you to confirm them.

Capture the one-time code

They trigger a real login, then ask you to read back the code your bank just texted you. That code is the last lock on your account.

In their words

What the message looks like

// THE MESSAGE

CHASE ALERT: Did you attempt a $1,250.00 purchase at BestBuy? Reply NO and a fraud agent will call to secure your account. Or verify at chase-secure-alerts.com

FraudScope reads it as

High risk bank impersonation. FraudScope flags the lookalike domain, the urgency, and the bait to "verify." Its guidance: do not click or reply. Call the number on the back of your card and ask if anything is actually wrong.

Red flags

Warning signs to watch for

A link to a domain that is not your bank’s exact website.
Anyone who asks you to read back a one-time passcode. Banks never do this.
Pressure to act in minutes to "stop" a charge.
A phone number in the text itself, rather than the one on your card.
Requests for your full password, PIN, or card number.

How FraudScope helps

Check before you tap

Paste the text into FraudScope and it explains the trick: bank impersonation, urgency, and a credential or code grab. It points to the exact words and the suspicious link.

If there is a link, URL Deep Inspection (a Pro feature) shows where it really goes, how new the site is, and whether its security certificate holds up. Analysis runs entirely on your iPhone and makes no network requests. The only time FraudScope touches the internet is if you tap Inspect URL to check where a link really goes, and it tells you before it does.

Intent reconstructionURL Deep Inspection (Pro)On-device

Questions

Frequently asked

How can I tell if a bank fraud text is real?

Do not use any link or phone number in the message. Open your banking app yourself, or call the number printed on the back of your card. A real alert will be visible inside your account. A scam exists only in the text.

My bank texted a code and someone asked me to read it back. Is that a scam?

Yes. A one-time passcode is the final key to your account. No legitimate bank employee will ever ask you to read it to them. If someone does, hang up.

Does FraudScope send my messages anywhere?

No. Analysis runs entirely on your iPhone with no network connection. The only time it contacts the internet is if you choose to inspect a link’s destination, and it tells you before it does.

Will FraudScope catch every scam?

No tool can. FraudScope is strongest with the full content of a message and weaker with a bare screenshot that has no link or sender. It is a powerful second opinion, not a guarantee. When in doubt, slow down and check with someone you trust.

Read the scam before it reads you

FraudScope explains what a suspicious message is really trying to do, entirely on your iPhone. Now available on the App Store.