TLDR
Caller spoofs bank's number, claims 'fraud team detected a £499 Amazon transaction, do you authorise?' — when victim says no, scammer says 'we'll send you a code to confirm cancellation, read it back'. The code is the real MFA approving...
How it works
Caller spoofs bank's number, claims 'fraud team detected a £499 Amazon transaction, do you authorise?' — when victim says no, scammer says 'we'll send you a code to confirm cancellation, read it back'. The code is the real MFA approving...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1WHAT TO DO: hang up, call 159 (Stop Scams UK) or bank number on card; bank staff NEVER ask for OTPs.
Source
NCSC-UK
Source reviewed by Mythos Forensic Team
https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-servicesFAQ
Is OTP phishing — fake bank fraud team requests passcode (UK) a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
WHAT TO DO: hang up, call 159 (Stop Scams UK) or bank number on card; bank staff NEVER ask for OTPs.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.