FakeOrLegitCheck now

Fake Bank of America Fraud Alert Text Scam

The Bank of America fraud alert text scam is one of the highest-volume financial impersonation attacks in 2026, and the version going around now is materially different from the sloppy 'click this link' messages of earlier years. It follows a deliberate two-stage script: first you get a real-looking automated SMS asking you to confirm a recent transaction, then if you reply NO (which is the expected, reasonable reaction) a 'fraud agent' calls you within ten minutes claiming to help. The text itself is bait. The follow-up phone call is where the money actually leaves your account.

This scam works against careful, technically aware people because of timing and authority cosplay. The text arrives at a moment of plausible deniability, did I authorize that $899 charge at Target?, and references a real, common merchant. When the supposed agent calls, they already know your phone number, your bank, and the exact amount you just disputed, because you just told them by replying NO. They have all the ammunition they need to sound legitimate, and the call usually opens with friendly relief: 'Good, we caught it in time, let's get your funds secured.' From there it is a guided walkthrough into a wire transfer or a Zelle-to-self setup that actually sends to a scammer-controlled account.

Real Bank of America fraud notifications come through three channels and three channels only: push notifications inside the BofA mobile app, in-app secure messages, and pre-recorded calls from the fraud department's published numbers (which you can find on the back of your card). Real BofA transaction-confirmation texts come from a five-digit short code (currently 30255 or 73247 in the US), never from a ten-digit number that looks like a personal phone. Real BofA agents never ask you to move money to a 'safe' or 'temporary' account, and never need you to read out a verification code that was just sent to your own phone.

FakeOrLegit is independent and not affiliated with Bank of America. The patterns below are confirmed against current FBI IC3 and FTC consumer-advisory feeds for 2025-2026 plus our own sample of impersonation reports submitted to the checker. If you have already engaged with one of these texts or calls, scroll straight to the 'What to do' section before reading the rest.

Warning signs

  • The sender is a ten-digit phone number, not one of BofA's published short codes (30255 or 73247 in the US). Personal-style numbers cannot send real BofA fraud alerts.
  • The text claims a specific transaction amount and well-known merchant name (Target, Best Buy, Walmart) to feel plausible, the merchant detail is a social-engineering choice, not a sign of legitimacy.
  • It asks for a YES or NO reply. Real fraud detection at BofA acts automatically; the bank does not need you to text back to flag a transaction.
  • After you reply NO, you receive a phone call within five to ten minutes from someone claiming to be the BofA fraud department. The speed is the tell.
  • The caller already knows your name, phone number, bank, and the exact transaction amount you disputed, because you handed them all of that with your reply.
  • The caller offers to 'secure' your funds by moving them to a 'temporary safe account' or by walking you through a 'Zelle-to-yourself' transfer. Neither of these is a real BofA fraud response.
  • Urgency language: 'we need to act before the fraud clears', 'before the 5 PM ACH cutoff', 'while I still have access to the case'.
  • The caller may ask you to read out a verification code that was just texted to your phone. Sharing that code lets them log into your real online banking.
  • The 'safe account' they want you to transfer to is not in your name despite what they claim. The account number, when revealed, is at a different bank.
  • They actively discourage you from hanging up to call BofA back through the official number on your card. Any real agent would welcome you doing exactly that.

What to do

  • Do not reply YES or NO. Do not even text STOP. Any reply confirms your number is active and feeds the scammer's profile of you.
  • Open the BofA mobile app yourself and check the activity feed under your account. If there is a real fraudulent charge, dispute it directly inside the app under the transaction detail.
  • If a call comes in immediately after the text claiming to be BofA fraud, hang up without engaging. Then call BofA fraud yourself using the number on the back of your card or 1-800-432-1000.
  • If you already replied to the text, do not reply again. Block the number and screenshot the exchange for your records.
  • If you took the follow-up call and shared any account details, password, or verification code: call BofA fraud immediately at 1-800-432-1000 from a different device or line. Change your online banking password from a device that did not interact with the scammer.
  • If you initiated any wire transfer or Zelle transfer at the caller's direction, contact BofA fraud within the hour. Wire recall is sometimes possible inside the first 24 hours if the recipient bank cooperates; Zelle recovery is much harder but worth trying.
  • Forward the original SMS to 7726 (SPAM) to help carriers shut down the sender's number. Costs nothing and feeds the carrier's automated takedown systems.
  • If you lost money or shared sensitive information, file an FTC report at reportfraud.ftc.gov and an IC3 complaint at ic3.gov. Insurance and dispute processes often require an official case number on file.

FAQ

Does Bank of America actually text customers about transactions?
Yes, but only if you explicitly enrolled in transaction alerts inside the BofA app or online banking, and only from their five-digit short codes (30255 or 73247 in the US). A personal-looking ten-digit number is always fake, even if the wording sounds correct.
Will replying STOP make the scam stop?
For real BofA alerts, STOP opts you out. For scam texts, STOP confirms your number is active and may trigger more spam and a follow-up call. Treat the entire conversation as untrusted, do not reply STOP, just block and delete.
What if I already gave the 'fraud agent' my online banking password or a verification code?
Call BofA fraud at 1-800-432-1000 immediately from a different device. Change your online banking password and any password you reuse. Turn on two-factor authentication if it is not already on. If you cannot reach BofA inside an hour, consider moving your most liquid funds to a different bank temporarily so the scammer cannot drain them while you wait.
Can BofA reverse a wire or Zelle transfer I made under pressure?
Sometimes. Wires under 24 hours old can occasionally be recalled if the recipient bank still has the funds and cooperates. Speed is the key variable, call within minutes, not hours. Zelle is harder to reverse because it is treated like cash, but a fraud claim filed inside BofA can still trigger investigation and partial reimbursement in some account-takeover cases.
How did the scammers know I am a BofA customer at all?
Most of the time they did not. They send the same SMS to massive randomized phone lists; the people who happen to be BofA customers respond, which self-selects the targets. Personal information from past data breaches (Equifax, T-Mobile, others) is sometimes cross-referenced to make the text more convincing, but the underlying scale is bulk-spray, not targeting you specifically.

Run a check now

If a specific link or message triggered this guide, paste it for an instant risk report.

Related guides

Disclaimer

FakeOrLegit provides automated risk signals based on publicly observable patterns. We do not guarantee that any site, email, or message is safe or unsafe. Always use your own judgment, and contact the real institution directly to verify any request before sharing personal or payment information.

FakeOrLegit is not affiliated with Bank of America. Bank of America did not send and does not endorse this analysis.