Bank Impersonation Scam Targeting Businesses: How to Protect Your Account

A Growing Threat to Your Business

Fraudsters are becoming increasingly sophisticated in their tactics to target businesses. One particularly risky scam involves criminals impersonating your financial institution to gain access to your organization’s accounts. Fraudsters exploit the complexity of commercial banking relationships, shared account access, higher transaction limits and the fact that multiple employees may be authorized to move money. Businesses are attractive targets because a single successful call can lead to large dollar losses in minutes. Understanding how this scam works and knowing what your bank will never ask you to do are essential steps in protecting your organization. 

Why Businesses Are Targeted

Fraudsters deliberately focus on business accounts because they offer faster access to larger amounts of money and more opportunities to exploit internal processes. Unlike personal accounts, business banking environments are designed for efficiency and shared responsibility, which scammers exploit.

Higher Transaction Limits

Business accounts typically support larger dollar transactions, including wires and ACH payments that far exceed personal account limits. A single successful impersonation call can result in significant losses in minutes, making businesses especially attractive targets.

Multiple Authorized Users

Most business accounts allow multiple employees to access funds, approve transactions or manage account settings. Fraudsters rely on this shared access model, knowing they only need to deceive one authorized user to compromise the entire account.

Time-Sensitive Payments Like Payroll and Vendors

Businesses operate on tight timelines. Payroll deadlines, vendor payments and incoming receivables create natural pressure to act quickly. Scammers exploit this urgency by claiming that immediate action is required to prevent missed payroll, delayed payments or operational disruption.

Trust in Internal Roles and Approvals

Fraudsters insert themselves into trusted workflows, convincing employees they are following standard procedures rather than exposing the company to risk.

Understanding these vulnerabilities is essential. The same controls that make business banking efficient can be turned against an organization if employees are not trained to recognize and stop impersonation attempts.

How the Bank Impersonation Scam Works: A Step-by-Step Breakdown

The scam typically unfolds in four deliberate steps, each designed to build trust and create a sense of urgency that overrides your natural caution.

Step 1 — The Call: A Trusted Voice on the Line

The scam often begins with a phone call that appears to come from your bank’s official phone number. The caller claims to be from the bank’s fraud prevention or security department and may reference specific details about your account or business to establish credibility. In many cases, scammers research employee names, job titles and company structures in advance. The goal is to convince you that you are speaking with a legitimate representative from your financial institution. 

Step 2 — The Pressure: “Move Your Money Now to Prevent Fraud”

Once they have your attention, the scammer claims that suspicious activity has been detected on your account. They assert that fraudsters have compromised your existing accounts and that immediate action is required to protect your assets. To create urgency, they may tell you that your organization’s accounts will be frozen, your funds will be stolen or your business will suffer serious financial disruption. Scammers may reference payroll files, vendor payments, wire activity or upcoming ACH batches to make the threat feel especially real. They understand that even a brief disruption can impact employees, customers and suppliers. 

The solution they propose is to move your money to a new, secure account — often at a different financial institution where it will supposedly be protected. This pressure tactic is designed to override your rational thinking and push you into quick action without verification.

Step 3 — The Ask: Handing Over Authentication Codes

To complete the transfer or account verification, the scammer asks you to provide one-time passcodes, multifactor authentication (MFA) codes or even your login credentials. They may frame this request as “confirming your identity” or “authorizing the secure transfer.” This request often targets employees who believe they are completing a routine approval step rather than giving away full account access. 

Scammers often pose as helpful assistants, walking you through the steps and asking you to read the codes aloud or input them on your phone. Many victims comply because the caller sounds authoritative and the situation feels urgent. This is the critical moment — once they have these codes, they have everything needed to take over your account.

Step 4 — The Takeover: Account Access Is Compromised

With the authentication codes in hand, the scammer gains full control of your account. They can immediately transfer funds, change account settings, add authorized users or lock you out entirely. The damage is often discovered only after the fact, when you attempt to access your account or when suspicious transactions appear. By this time, funds may be gone, and the fraudster has vanished. The emotional and financial toll on businesses can be devastating, especially for smaller organizations that operate on tight margins.

What Texas Capital Will Never Ask You to Do

Understanding what your bank will never do is one of your strongest defenses against this scam. Texas Capital has clear policies designed to protect your security. 

Texas Capital will never ask for passwords or authentication codes.

Texas Capital will never request your password, PIN, one-time passcode (OTP) or any multifactor authentication code over the phone or via text message. These codes and credentials are uniquely tied to you and your account. They are the keys to your financial security, and a legitimate bank employee will never ask for them. If someone claiming to be from Texas Capital requests this information, hang up immediately and contact us directly using the official number on the back of your card or on our website.  

Texas Capital’s Commitment to Your Security

Texas Capital takes your security seriously. We invest in advanced fraud detection systems, employee training and customer protection policies to keep your accounts safe. Our commitment to never asking for sensitive information is a priority. If you have any doubt about a call claiming to be from Texas Capital, please hang up and call us directly. We would rather verify your identity through a separate call than put you at risk.

What to Do If You Receive a Suspicious Call

If you receive a call that sounds suspicious, follow these steps to protect your organization and its accounts.

Step 1 — Hang Up Immediately

If a caller is asking you to move money, open new accounts or provide authentication codes, that’s your signal to end the call right away. Even if the caller sounds legitimate, or even if they know details about your account, hanging up is the safest response. Trust your instincts — if something feels off, it probably is.

Step 2 — Call Texas Capital Directly Using Official Contact Information

After hanging up, do not call any number provided by the suspicious caller. Instead, use the official contact number on the back of your Texas Capital debit or credit card, or visit Texas Capital’s official website to find verified contact information. Call us directly to verify whether the call you received was legitimate. Texas Capital’s fraud team can check your account history and let you know if there was any actual suspicious activity reported. If your company has an internal treasury or finance lead, notify them immediately so they can monitor activity and reinforce internal controls.

Step 3 — Never Share Codes or Account Information

Even if someone on the phone sounds like they work for Texas Capital and claims there’s an emergency, do not share any authentication information. Providing one-time passcodes, security questions, login credentials or any sensitive information can result in immediate account takeover. Once these codes are compromised, a fraudster can access your account faster than you can hang up the phone. 

Step 4 — Report the Scam to Texas Capital and Authorities

Contact Texas Capital to report the suspicious call. Document the caller’s number, the time of the call, what they said and any details you remember about the interaction. This information helps Texas Capital identify fraud patterns and protect other customers. You may want to file a report with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and consider notifying local law enforcement if any fraudulent transactions occurred. Businesses should also review internal approval logs and recent transactions to confirm no payment or account changes were made during the interaction.

Protect Your Team: Employee Education Matters

In a business environment, fraud prevention is a shared responsibility, and your employees are often the first line of defense against these scams. Anyone who answers phones, handles account inquiries or manages company finances needs to understand this threat.

Brief All Employees on This Scam Tactic

Share this information with every member of your team, especially those who might receive calls or handle financial matters. Ensure they understand the four-step breakdown of the scam and know the warning signs: requests to open new accounts, pressure to act quickly and demands for authentication codes. The more informed your team is, the less vulnerable your organization becomes.

Create a Company Verification Protocol

Establish a clear company policy: if anyone receives a call claiming to be from the bank, they should hang up and verify the caller by calling the official bank number. This should be a standard procedure for everyone in your organization. Make it easy. Post the official Texas Capital phone number in visible locations so employees know exactly who to call. Create a culture where verification is encouraged and never penalized.

Document and Share Incidents

If any employee receives a suspicious call, have them document the caller’s information, what was said, the time and any other details they remember. Share these incidents with your entire team so everyone learns from the attempt. This creates awareness and helps prevent colleagues from falling for the same scam. It also provides valuable information to Texas Capital’s fraud prevention team.

Three Critical Rules to Remember

Keep these three rules in mind to protect against fraud:

• Legitimate banks will not ask for passwords or authentication codes over the phone, via email or by text.
• Banks never instruct you to open new accounts at other financial institutions to resolve a fraud issue.
• Always hang up and call your bank directly using official contact information if you receive a suspicious call.

Questions? Report Suspicious Activity to Texas Capital

If you’ve received a suspicious call claiming to be from Texas Capital, or if you’ve already shared authentication codes with a caller, contact Texas Capital immediately. Timely reporting is important, as available protections and recovery options may vary depending on account type and circumstances. 

To report fraud or verify a call from Texas Capital, call the number on the back of your debit card or visit our website.