WhoCalledLookup
Look up a number
Safety

Bank scam calls UK — the scripts and how to respond

Bank scam calls UK — the four 2026 bank-impersonation scripts (safe account, OTP, fraud verification, card-cancellation), why 159 is the single best defence.

5 min read
By
Managing Director, OmegaIT · OmegaIT · Published 15 May 2026 · Updated 15/05/2026
On this page

Bank-impersonation scam calls are the highest-value UK fraud category by losses — UK Finance reports billions of pounds annually in Authorised Push Payment (APP) fraud, with the largest single category being scammers impersonating bank fraud teams. This guide covers the four current scripts, the red flags every UK bank publishes, and the single most important defence: the 159 Stop Scams callback service.

Script 1 — the 'safe account' scam

The single highest-volume bank scam in the UK:

This is Barclays fraud team. We've spotted suspicious transactions on your account. For your safety, we need to move your money to a new safe account in your name. I'll stay on the line while you transfer it.
Common UK scam call script (paraphrased)

Why it's a scam: UK banks do not have 'safe accounts'. They cannot create a new account for you over the phone in minutes, and they will never ask you to transfer money to one. UK Finance and every major UK bank publish this rule explicitly.

Your bank will never ask you to transfer money to a 'safe account'. If anyone calls you, claiming to be from your bank, with this request, it is a scam. Hang up and call 159.
UK Finance — Take Five to Stop Fraud

Script 2 — the OTP / one-time-code scam

The scammer initiates a real password-reset or new-payee-setup on the victim's bank account (using credentials harvested earlier, e.g. via a phishing site or a previous data breach). The bank's automated system texts a one-time code to the victim's phone. The scammer calls:

We've just sent a security code to your phone. To verify your identity, please read me the six-digit code.
Common UK scam call script (paraphrased)

Why it's a scam: One-time codes are for you to type into your app. Banks never ask you to read them aloud. If a caller asks for a code, they are trying to complete a high-risk action on your account using your own MFA against you.

Script 3 — the card-cancellation scam

Often follows a card-skimming incident or stolen-data breach:

Your card has been compromised in a recent data breach. We need to cancel it and issue a replacement. Please confirm your card number, expiry and CVV so we can match it to our records.
Common UK scam call script (paraphrased)

Why it's a scam: Real card cancellations don't require you to confirm the existing card to the bank — the bank already has it. If anything, real fraud teams ask you to confirm partial details ('the last four digits') and they fill in the rest themselves, not the other way around.

Script 4 — the courier-collection scam

Sometimes called 'card-pickup fraud':

Your card has been compromised. We're sending a courier to collect it for forensic analysis. Please cut it in half — they'll pick up both halves and we'll FedEx your new card tomorrow.
Common UK scam call script (paraphrased)

Why it's a scam: UK banks do not send couriers to collect cards. New cards are issued by post (or instantly via the bank's app). The 'courier' who arrives is a money mule collecting the (still-functional) card halves — which can be reassembled and the magstripe still skimmed.

Universal bank-scam red flags

Memorise this list. If any one of these appears in a call claiming to be from your bank, it is a scam — without exception:

  • 'Move money to a safe account' — never happens.
  • 'Read out the one-time code' — never happens.
  • 'Confirm your full card details to verify you' — never happens.
  • 'A courier will collect the card' — never happens.
  • 'Install AnyDesk / TeamViewer / our security app' — never happens.
  • 'You must act in the next 5 minutes' — real fraud teams are patient.
  • 'Don't tell anyone, including bank staff in branch' — the secrecy ask is itself a red flag.

The defence — 159 + slow down

The single most useful UK consumer-safety number, after 999, is 159. Free from any UK landline or mobile. Connects you straight to your bank's fraud team without going through any caller-controlled menu and without depending on the displayed CLI being genuine. See the dedicated guide at 159 explained.

What to do if you've been scammed

  1. Dial 159 immediately. APP fraud recovery rates are highest in the first hour.
  2. Change your bank app password on a different device than the one you used during the call.
  3. Enable 2FA / MFA on your bank account if it wasn't already.
  4. Report to LINK0 — required to claim against Contingent Reimbursement Model (CRM) protections.
  5. Check your credit file at all three UK bureaus (Experian, Equifax, TransUnion) — scammers often try to take out credit immediately.
  6. Tell anyone the scammer mentioned — the script often involves 'don't talk to your branch' precisely because the branch is the next obvious safety net.

What the banks themselves say

Every UK major bank (Barclays, HSBC, Lloyds, NatWest, Santander, Nationwide, TSB, Monzo, Starling, Metro, Tide) publishes a public 'we will never' list that mirrors the red flags above. UK Finance aggregates them under the Take Five to Stop Fraud campaign, with the central message:

  • Stop — taking a moment to think before parting with money or information could keep you safe.
  • Challenge — could it be fake? It's OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
  • Protect — contact your bank immediately if you think you have fallen for a scam, and report it to Action Fraud.

Bottom line

UK bank-impersonation scams are the single largest fraud category by loss. The scripts are public and well-documented; the defence is equally well-documented (159 + the 'we will never' red flags). Hang up the moment you suspect, dial 159, and use the Take Five three-step. There is no cost to being cautious about a real bank call; there is no recovery for being trusting about a scam.

Look up a UK number now

Free, no signup. See the Ofcom range holder + AI internet check.

Frequently asked questions

Do UK banks ever ask you to move money to a 'safe account'?

No. No UK bank has 'safe accounts'. Any call asking you to move money — even briefly, even 'in your own name' — to protect it from fraud is itself a scam. Hang up and dial 159.

Should I read out a one-time security code to a caller?

Never. One-time codes are for you to type into your own banking app. A caller asking you to read out a code is trying to complete a high-risk action on your account using your own MFA against you.

What is the 159 service for bank scams?

159 is a free UK short code that connects you straight to your bank's fraud team without going through any caller-controlled menu. Launched in 2021 by Stop Scams UK and supported by every major UK bank. The single best defence against bank-impersonation calls. See our dedicated 159 explainer.

What is APP fraud and can I get my money back?

Authorised Push Payment fraud is where the victim is tricked into authorising a payment to a scammer. Under the UK Contingent Reimbursement Model (CRM) and the Payment Systems Regulator's APP reimbursement rules, most APP fraud is now reimbursable, especially when reported quickly and with an Action Fraud reference.

Sources & references

  1. 159 — the Stop Scams UK service
    Stop Scams UKstopscamsuk.org.uk/159
  2. UK Finance — Take Five to Stop Fraud
    UK Financewww.takefive-stopfraud.org.uk
  3. Action Fraud — UK fraud reporting
    City of London Policewww.actionfraud.police.uk
  4. Tackling scam calls and texts: 2024 progress report
    Ofcomwww.ofcom.org.uk/phones-and-broadband/scam-calls-and-texts
  5. Report a phishing or scam call
    gov.ukwww.gov.uk/report-suspicious-emails-websites-phishing

Continue reading

Related guides