Is This Bank Fraud Alert Text Real or a Scam?

Short answer: banks really do send fraud alerts — but the version that asks you to click a link, reply, or call a number in the text to "verify" or "stop" a charge is usually a scam. This one is dangerous because the bait sounds exactly like protection: "Did you make this charge? Reply YES or NO."

The most damaging part isn't the text. It's what happens when you respond. Here's how the trap works and how to stay out of it.

Quick check: Don't tap links, reply, or call numbers from the text. Open your banking app or call the number on the back of your card to check for real alerts. A real bank will never ask you to "move money to a safe account" or read back a code.

How the bank-text scam actually works

A real-looking fraud alert lands: "Wells Fargo: Did you attempt a $499 purchase at Best Buy? Reply Y or N." You reply N, because you didn't. Within seconds, your phone rings — caller ID even shows your bank's name (spoofed). A calm "fraud agent" thanks you for confirming and says they'll help secure your account.

Then comes the real attack. They ask you to:

• read back a one-time code they just "sent to verify your identity" (it's actually their password reset), or
• move your money to a "safe account" (which is theirs), or
• confirm your card number, PIN, or online-banking login.

You didn't fall for a link. You fell for a helpful-sounding human who used your own caution against you.

What the follow-up call sounds like

The text gets you to engage; the call closes the trap. A typical script:

"Hi, this is the Chase fraud department confirming the $499 charge you just flagged. I've blocked your card. To reverse the pending transaction, I need to verify your identity — I'm sending a code to your phone now. Can you read it back to me?"

It sounds like help. It's the opposite. The "code" is a password reset or a login approval, and reading it back hands the scammer the keys. A real bank that called you would never need you to recite a code, because they already have access to your account.

The red flags

• A link or phone number inside the text. Real alerts let you respond, but the follow-up should never ask for codes, logins, or transfers.
• Anyone asking you to read back a code. A one-time code is the keys to your account. No real bank employee needs you to recite it.
• "Move your money to a safe account." This is always a scam. Banks don't do this.
• Caller ID that says your bank. Caller ID is trivially spoofed; it proves nothing.
• Pressure and secrecy. "Act now, don't log in yet, stay on the line with me."

The one move that beats it

Hang up and call the bank yourself, using the number on the back of your card or in your banking app. Never the number from the text, and never stay on a call that someone else started.

If the fraud alert was real, your bank will see it when you call in. If it wasn't, you just dodged the scam. Ninety seconds of calling back ends it.

Is the Chase / Wells Fargo text real?

The brand doesn't change the rule — scammers impersonate Chase, Wells Fargo, Bank of America, and every other major bank. A genuine alert from any of them can be confirmed inside the official app. Treat the specific bank name as part of the disguise, not proof.

What to do

1. Don't reply, tap, or call anything from the text.
2. Open your banking app or call the number on your card to check for a real alert.
3. If you already shared anything, change your online-banking password, and call the bank's real number to lock the account and reverse any transfers.
4. Report it. Forward the text to 7726, report bank-branded phishing to your bank (e.g. reportphish@wellsfargo.com, abuse@chase.com), and file at reportfraud.ftc.gov.

Get it checked in minutes

These are convincing because they borrow real urgency. If you're not sure whether an alert is genuine, forward the text to FraudRoom at check@fraudroom.com before you respond — you'll get a plain-English risk level and the safest next step back, usually within minutes.

FAQ

Do banks text you about suspicious charges?

Yes, many banks send real fraud alerts and let you reply to confirm a charge. What they never do is ask you to share a one-time code, your login, or to move money to a "safe account." Confirm any alert in the official app.

The caller ID showed my bank — doesn't that mean it's really them?

No. Caller ID can be spoofed to display any name or number. Never trust an inbound call's identity; hang up and call the bank yourself using the number on your card.

A "fraud agent" asked me to read back a code — is that legit?

No. A one-time code grants access to your account. Real bank staff never need you to read it back. Anyone asking for it is trying to break in.

Key takeaways

• Banks send real alerts, but never ask for codes, logins, or "safe account" transfers.
• The text is just bait; the phone call that follows is the actual scam.
• Caller ID showing your bank proves nothing — it's easily spoofed.
• Hang up and call the number on your card; verify before you act.

Related reading

• Is this text message a scam? How to tell in 60 seconds
• Venmo and Zelle scams: how to spot them
• What to do if you clicked a phishing link