Is that bank fraud-alert text (or “did you authorize this Zelle?”) real?
Short answer: it is very often a scam, and one of the most damaging kinds, because it targets money that has already moved or is about to. A text or phone call claiming to be your bank's fraud department, asking you to confirm or deny a Zelle transfer, is a well-documented impersonation tactic — and unlike a card, money sent by Zelle or a wire is very hard to get back once it is gone.
What does a fake bank fraud-alert text look like?
You get a text that looks like it comes from your bank's real fraud-alert short code, asking “Did you authorize a Zelle payment of $900 to [a name]? Reply YES or NO.” If you reply, a phone call follows from someone claiming to be a bank fraud specialist. They already seem to know your name and the last four digits of your account — often taken from a prior data breach or guessed convincingly — which makes the call feel credible.
The caller says fraud has been detected and, to “reverse” the transaction or “protect your account,” walks you through moving money to a “safe account,” sending a Zelle payment yourself, or reading back a one-time passcode that just arrived by text. That passcode is the real security code needed to authorize a transaction on your actual account — reading it to the caller hands them control.
Why does the bank fraud-alert scam work?
The scam borrows the real look and urgency of a genuine fraud alert, which trains people to respond quickly. Because it is framed as protecting you from a transaction you did not make, it flips the usual scam pattern: instead of asking you to send money to a stranger, it convinces you that sending money (or reading a code) is the safe, protective action. Banks do build in real fraud alerts that ask you to confirm activity, which is exactly what makes an impersonated one so convincing.
By the numbers: bank and business impersonators drew the highest reported losses of any imposter-scam category in 2025 — nearly $1 billion, up from $866 million in 2024 — and the FTC notes the costliest versions often start with exactly this kind of fake security alert. Source: FTC, June 2026.
Red flags to watch for
- A call-back number in the text, or a caller ID, that you did not look up yourself from the back of your card or your bank's official site.
- Being asked to read back a one-time passcode or verification code that just arrived by text — a real bank never needs you to read this back to them.
- Being told to move money to a “safe” or “secure” account, or to send a Zelle payment yourself to “reverse” fraud.
- Pressure to act immediately, often framed as protecting you rather than asking you for money.
- The caller knowing partial account details, which can come from a data breach and does not by itself prove they are your real bank.
What should I do if I get a bank fraud-alert text?
- Never read a one-time passcode or verification code to anyone who calls or texts you — not even someone who says they are from your bank's fraud team.
- Do not use the phone number in the text or the one the caller gives you. Hang up, then call your bank using the number on the back of your card or its official website.
- Never move money to a “safe account” on someone else's instruction — a real bank does not ask you to do this.
- If you already sent money or shared a code, contact your bank immediately and file a report with your local police and the FTC.
- Not sure? Screenshot the text and email it to Preview-Check@IsThisAScam.Email for a verdict before you reply or call back.
Got a bank fraud-alert text you are not sure about? Screenshot it and email it to Preview-Check@IsThisAScam.Email. Our AI checks the message and emails you back a verdict with what to do next.
Email it to usA real example
Verdict: SCAM
A user received a text asking to confirm a $900 Zelle payment, followed by a call from someone claiming to be their bank's fraud department. The caller knew the user's name and the last four digits of an account number, then asked the user to read back a code that had just arrived by text to “verify their identity.”
That code was the real one-time passcode needed to authorize a transaction. A legitimate bank fraud team never asks a customer to read back a passcode — this is the single clearest sign the call was not real, regardless of how much account detail the caller seemed to know.
Verify through official channels
- Call your bank directly using the number on the back of your card or its official website — never a number from the text or the caller.
- Report the incident to the US Federal Trade Commission at reportfraud.ftc.gov.
- If money was sent, report it to the FBI Internet Crime Complaint Center at ic3.gov as soon as possible — faster reporting improves the chance of recovery.
- File a report with your local police department; some banks require a police report to investigate an unauthorized transfer.