skip to main content

advice hub

Red Flags: Financial Institution Impersonation Fraud Scam

3/3/2026 | Jenna Goldberg
  • Fraud & Security
Financial Institution Impersonation Fraud Scam

In this article: 

  • Signs of the financial institution impersonation scam
  • What fraudsters ask you when they call or text
  • Steps to take if you think you’ve been scammed
  • How United protects Members from fraud
  • Q&A with United Federal Credit Union Director of Fraud Operations

Financial institution impersonation scams happen when criminals pose as your bank or credit union using spoofed calls, texts, or emails to create urgency and trick you into sharing personal or financial information. These scams often reference suspicious charges or account issues and may use accurate details to seem legitimate—but United will never ask for your full card number, online banking credentials, one‑time passcodes, or ask you to move money to “keep it safe.” 

In this article, you’ll learn how impersonation scams work, the red flags to watch for, and what to do if you receive a suspicious message so you can protect your accounts and act with confidence.

What is a financial institution impersonation scam? 

This scam happens when criminals pretend to be your bank or credit union - by phone, text or email - to trick you into sharing card numbers, login details, or approving fraudulent transactions.

What the scam looks like

In a financial institution impersonation fraud scam, criminals call or text people while pretending to be their bank or credit union, such as United Federal Credit Union. The message often claims there is suspicious activity on the account and asks the person to share credit card information or take immediate action.

In some cases, United’s fraud monitoring system correctly flags the activity as suspicious. However, scammers then coach Members on what to say or do—such as responding “Yes” to an alert—to override the fraud warning and allow unauthorized charges to go through.

Credit union impersonation fraud scam

Imagine this scenario

A United Member receives a phone call that appears to be from their credit union. The caller calmly explains that suspicious charges have been detected on the Member’s credit card and says they’re calling to help protect the account. The caller already knows the Member’s name and mentions a recent purchase, which makes the call feel legitimate.

Shortly after the call, the Member receives a fraud alert on their phone. When the Member hesitates, the caller reassures them and provides instructions on what to do next, explaining that responding to the alert will stop the fraud and keep the account secure. Trusting the call, the Member follows the instructions.

What the Member doesn’t realize is that the person on the phone isn’t from United. The alert was real, but the caller was the one who initiated the fraudulent charges—and responding as instructed; the Member unknowingly approved the transactions.

Red flags: How scammers impersonate financial institutions

  • Scammers will call or text pretending to be your financial institution.
  • They’ll do research and have information about you to make it sound legitimate.
  • They’ll ask for your credit card information.
  • You begin to see charges you never made on your credit card statement.
  • You discover charges marked as possible fraud on your credit card statement.
  • The scammer will coach you on how to override fraud alerts on your credit card.
  • They may use false pretense such as claiming you must respond “Yes” to stay enrolled in alerts, or that responding “Yes” will reverse the charge.

Tips to avoid getting scammed

  • Never give any of your credit card or account information to anyone who contacts you claiming to be your financial institution, even if they already seem to know some of your information.
  • Hang up immediately and call the financial institution directly (United FCU is 888-984-1400).
  • Never respond “Yes” to a credit card charge that you did not personally attempt. Only a scammer will pressure you to do this.
  • Never share any one-time passcodes that you receive via text message or email, for any reason. Your real financial institution will never ask for these codes.

United Federal Credit Union will never ask for these things:

  • Full credit card or account number
  • One-time passcodes
  • Share online banking credentials
  • Ask you to move money out of United to keep it safe
  • Tell you to override fraud alerts
  • Call immediately after an unauthorized charge is marked as 'no, this isn't me'

Keep reading to hear from United's Director of Fraud Operations

Man on phone with credit card

How Members can tell if a message is really from United

  • They ask for verbal password
  • Ask out-of-wallet questions to verify they're talking with the member
  • Ask to verify the last four digits only of credit card

What to do if you think you’ve been contacted by a scammer

  • Hang up immediately and contact United Member Service Center
  • Report suspicious activity
  • Visit a branch if you feel unsure

Q&A with Laura Campbell, United Federal Credit Union Director of Fraud Operations

To learn more about the financial institution impersonation fraud scam and how United's fraud team is protecting our Members, I spoke with Laura Campbell, United Federal Credit Union Director of Fraud. Here's what Laura had to say.

How common are financial institution impersonation scams right now, and why are we seeing more of them?

LC: “They are unfortunately very common. We see multiple cases per week with just within our United membership. Part of the reason they're so prevalent right now is because of data breaches. More information about our members is accessible to bad actors. They can use that information to make the scams seem more genuine. If someone calls you and claims to be from the United Fraud Department and they know your name, your full address, maybe your date of birth, possibly even some of the names of your relatives or other places that you've lived. 

If you think about the amount of information that's available just on the normal web that can be used to make a caller sound like they really are who they say they are, because they know so much about you. In reality, they're gathering that information online. And even more information is accessible on the dark web. Any emails, passwords, full or partial card numbers, anything that's for sale on the dark web can also be used to trick members into giving away information that will be used to do fraud.”

What does this scam look like from the member’s perspective? 

LC: “We see that in almost every case; members are getting a text message that pretends to be from the Fraud Department about a possible fraudulent charge. And when they respond, ‘no, this wasn't me,’ they get a phone call and that call is coming from a spoofed number, so it will look like the United number. If they are questioning if it's legitimate and do a search for the number that the call came from, it will show up that it's coming from United. If that member has United programmed in their phone as a contact, it's going to look like it's coming from their stored contact of United Federal Credit Union. So that kind of sets it up for them to be vulnerable to those types of impersonation.”

How can our members protect themselves against this fraud scam?

LC: “We have a lot of monitoring in place to flag suspicious transactions and stop them from being processed. The fraudsters know this and they’ll make a workaround any way they can to still be successful in stealing money, like tricking the member into bypassing our monitoring and alerts. If they get a hold of a card number and try to make a fraudulent charge and that generates a fraud alert, that kind of stops them
 where they are - they need the member to participate to get that fraud alert resolved so that the transaction can process for the fraudster. 

As technology has evolved to get better at detecting and preventing fraud, there is more of a need for this type of deception and tricking the members into helping the fraudster get their money. But members aren’t liable for unauthorized charges. If someone's calling and asking them to take some kind of urgent action, they're still protected even if they don't take that action. Hopefully that gives them pause to think about what they're really being asked to do.”

Does United ever call or text Members about fraud—and how can someone tell if a message is really from United?

LC: “United absolutely does call and text members to verify, especially if they noticed unusual activity. We have a couple different methods that we will use to reach out. All debit cards and credit cards have real time monitoring 24/7 protection. If there's a suspicious charge, we may send an e-mail or a text message to that member depending on their preferences and it will ask: ‘This charge was noticed. Was this you? Yes or no?’ which is very similar to the way that the scammers structure their messages. 

The difference is with a legitimate message, once you respond ‘no,’ oftentimes there's not any additional action that you as the member need to take. We take it from there, like closing the card to prevent any further loss. That all happens automatically. With the scammer, they're going to call you very quickly after you respond to the scam text message because they know they've got you on the hook and they're going to use that as the opportunity to gather information. 

The thing that is important for members to understand is that we are working continuously behind the scenes to protect them from fraud. We don't need them, in most cases, to take any action to facilitate that happening. We don't need their card number to prevent fraudulent charge from going through. We don't need their online banking credentials to access or restrict their online banking. We already have the ability to do all that, and we would never ask for any of that information to be shared with us because we already have what we need to protect them.”

worried about a scammer calling

What will United never ask of Members?

LC: “We will never ask for anything more than to verify the last four digits. We'll never ask them to move their money to keep it safe. We will never ask them to send a transaction to try to determine the source of fraud. We'll never ask them to move their money out of United to keep it safe.”

What will United ask of Members?

LC: “If we call the member directly, we would ask them for their verbal password. If they don't know their verbal password, we're going to ask out-of-wallet questions to make sure that we're actually talking with the member. We would never ask the member to give us their information back. We would just be verifying what we have on file for them.”

If a Member receives a suspicious call or text, what should they do in that moment?

LC: “If a member is on the phone with someone claiming to be from the United Fraud Department and that caller asks them for any information - card numbers, one time pass codes - anything that we don't normally ask for, they should immediately hang up and contact the Member Service Center and we will be able to advise if someone on the fraud team had reached out to them to verify a transaction.”

What’s the one message you want Members to remember about protecting themselves from impersonation scams?

LC: “Fraudsters and scammers use fear to influence the member’s behavior. They want you to be in a state of panic so that you don't have time to stop and think. If you get a call about a fraudulent transaction, don't feel like you need to panic, take immediate action, or do what the caller says right away. We are working constantly to protect their accounts. There is always time to hang up and call the Member Service Center directly to verify.

Anytime you hear the word fraud, take a breath, stop and take time to really evaluate what that caller is asking you for and what they're saying is going on. And if there's any suspicion at all, discontinue the call and contact United directly."

What U need to know

Financial institution impersonation scams are becoming more convincing—but knowing the warning signs can make all the difference. If you receive a call, text, or message claiming to be from United or another financial institution and something doesn’t feel right, pause and contact your credit union directly using a trusted phone number or by visiting a branch.

United will never ask for your full card number, online banking credentials, or ask you to override fraud alerts. Staying informed, acting quickly, and reporting suspicious activity right away helps protect not only your accounts, but other Members as well. Learn the red flags, trust your instincts, and remember—United is here to help keep your money and information safe.


United Member Service Center

(888) 982-1400

Member Service Center Hours:

Monday - Friday: 8:00 am to 9:00 pm ET

Saturday: 8:00 am to 4:00 pm ET


You are leaving UnitedFCU.com

Continuing will take you from United Federal Credit Union to a third-party website. United does not endorse or guarantee the accuracy of the information on this external site, which is not controlled by United. Accessing this site is your decision and subject to its terms and conditions.