U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Call Spoofing Scams

The FDIC OIG is warning banks and bank business customers about sophisticated telephone spoofing scams. These scammers initiate transactions using the business customers’ bank accounts. The fraudsters are sophisticated and may offer details that give the appearance of legitimacy to bank business customers.  Such scams could involve millions of dollars. For example, one FDIC supervised financial institution reported $5 million in recent call spoofing attempts.

How does it work?

  • Fraudsters use call spoofing, a technique where they falsify the information transmitted to a caller ID display to disguise their identity. The phone number then appears to be the bank name and the phone number associated with the bank where a business maintains an account.
  • In some instances, the fraudster may know and use the actual names of employees working at the business.
  • The fraudster informs the business that they are seeing fraudulent activity associated with the business’s bank account.
  • To resolve this supposed activity, the fraudster informs the account holder that they need the user’s online account login credentials.
  • Once those credentials are received, the fraudster attempts to reset the customer’s password to gain access to the account to initiate funds transfers. 

Warning Signs:

  • High-Pressure Tactics: A caller may create a false sense of urgency, or demand immediate action.
  • Suspicious Requests for Data: Banks, companies, and government agencies will not call or send unsolicited correspondence asking for sensitive personal information.

How to Protect Yourself:

  • Assume any caller, even from what appears to be a known number, could be a scammer.
  • Hang up and verify the phone number by calling the number on the legitimate bank website. Do not redial the number that called.
  • Do not provide any information to an unsolicited caller, including verifying your name, business name, phone number, or account information.
  • If you suspect a spoofed or suspicious call, hang up immediately.
  • Let the call go to voicemail instead of answering.

If you suspect that your business has been a victim of a spoofing scam, contact the FDIC OIG Hotline.

Consumers may experience similar spoofing calls, and in that event, should also contact the FDIC OIG Hotline.