Hello, I am calling in regard to your car’s expired extended warranty.”

“This is the IRS, and we’re calling to inform you of your unpaid tax bill.”

“I am from technical support, and we have noticed a problem with your current operating system.”

Do any of these sound familiar? They are all common prompts scammers use to defraud innocent victims. But there is another phone scam targeting banking customers, and in honor of Cybersecurity Awareness Month (October), we’ve got some tips and red flags to watch for to protect yourself from becoming a victim.

Beware of Calls Appearing to Come from Your Bank

Fraudsters continually think up new ways to steal your personal information or to trick you into releasing this information. One method involves scammers impersonating bank call centers and fraud departments to trick victims into thinking that their bank is calling them.

Once they’ve got an unsuspecting victim on the line, the scammers ask for personal data and use it to access online banking accounts, where they can get account balances and have access to transfers out of the accounts.

What you Need to Know to Avoid a Bank Phone Scam

According to reports, consumers lost a staggering $29.8 billion to phone scams between 2020 and 2021. But that doesn’t mean you have to fall victim. Knowing what to look for is the first step to avoiding financial losses due to fraud. For example, here’s one common phone scam scenario:

  • Scammers claiming to be from “FirstBank” may call and say there is a fraud alert regarding suspicious account activity that they need to confirm with you.
  • They may reference a fraudulent “pending charge” to make the call sound legitimate. They may also claim that unauthorized access to your online banking has occurred, and they need to secure it.
  • During the call, the scammer may ask you to provide your online banking user ID, password, answers to your online banking security questions, or for a one-time passcode (OTP) that was sent to your phone.

Do not ever give personal information over the phone. FirstBank does make outbound service calls to our customers. When a legitimate FirstBank representative does call we, we will NOT ask you to provide or verify your:

  • Full Social Security number
    • Card Personal Identification Number (PIN)
    • One-time passcode
    • Online banking user ID
    • Online banking password
    • Online banking security question answers

What to Do About Unsolicited Calls, Texts, and Emails

Scammers use information they gather from victims to reset account credentials and access online banking accounts. If you receive an email or text message confirming a charge on your account or payment that you did not do, please contact FirstBank immediately.

It’s worth noting that FirstBank’s one-time passcode states “Don’t share this code – we’ll never ask for it. If you didn’t initiate this reset, call 1-800-964-3444“.

In addition:

  • If you receive a call requesting any of the information above, immediately, hang up and call us at 1-800-964-3444. DO NOT use the number on the caller ID screen and hit redial, even if it appears legitimate.
  • If you receive a suspicious call like this, begin to review your banking accounts daily. Security account alerts can be setup online or on the mobile app. Security alerts help you monitor your account balance and activity on your account.
  • If you discover a fraudulent transaction on your FirstBank account, contact us immediately at 1-800-964-3444.

More Resources to Protect Yourself from Fraud

At FirstBank, we strive to provide you with free, easy-to-understand resources to avoid all types of fraud. With that in mind, visit our Empower All page to learn how you can protect yourself from identity theft and financial fraud or head on over to our designated Fraud page, where we break down the ins and outs of tax-related identity theft, business email compromise, and more.

“This page may contain links to external websites. These links are displayed for your convenience. FirstBank does not manage these sites and assumes no responsibility for the content, links, privacy policy, or security policy.”