France: The Fake Bank-Advisor Scam

The short answer

The fake bank-advisor call — faux conseiller bancaire — is someone posing as your bank's fraud department who talks you into "protecting" your money by reading out a code, validating a payment, or moving funds to a "safe account." It is convincing in 2026 because, after the 2024 breaches at Free (around 5 million IBANs exposed) and France Travail (some 36.8 million people), the caller often already has your real name, address and IBAN. The one rule that defeats it: your real bank will never ask you to move money to another account, read out a one-time code, or validate a payment over the phone. If a caller asks for any of those, hang up and call your bank back on the number printed on your card.

If you have already moved money or validated a payment and want the emergency steps, skip to if you already paid. With a live transfer, minutes decide whether you see it again.

For years, the advice against phone scams was "your bank will never call you out of the blue." Criminals adapted, and the modern faux conseiller bancaire is built precisely to survive that instinct. The caller is calm, professional, and — this is the new part — armed with information only your bank should have. They are not fishing for your details. They are reciting them back to you to earn your trust, then using that trust to make you do the one thing that actually empties the account.

Why the call is so convincing now

The fuel for the 2026 wave was poured in 2024. French organisations were breached on an industrial scale: the telecoms operator Free confirmed attackers reached data for roughly 24 million customers, including about 5 million IBANs, and France Travail, the public employment agency, reported a breach touching some 36.8 million people. Names, addresses, dates of birth, phone numbers, account numbers — all of it circulating.

Hand a scammer that data and the script writes itself. They open with your real name and address, "confirm the last digits of your IBAN" to prove they're really your bank, and only then introduce the emergency. By the time the frightening part arrives, you have already filed them under "genuine." The scale is on the record: the Banque de France's Observatoire de la sécurité des moyens de paiement put total payment fraud at roughly €1.2 billion in 2024, and Cybermalveillance.gouv.fr's 2024 report logged more than 420,000 assistance requests (+49.9%) — with the fake bank-advisor scam up 78% and singled out as a defining threat. The data breach and the bank call are two ends of the same machine.

How the call actually goes

Almost every faux conseiller bancaire call follows the same arc, because it works:

—The number looks right. Your screen shows your bank's real number — spoofed. The match is meant to switch off your suspicion before the first word.

—They prove they 'know' you. Your name, address, sometimes part of your IBAN — recited from breached data to establish that they could only be the bank.

—The manufactured emergency. "We've detected a fraudulent transfer of €2,400 leaving your account right now." Panic is the point; a frightened brain stops checking.

—The 'rescue' that is the theft. To 'block' it, they need you to read the code they're texting you, validate a payment in your app 'to cancel it', or move your balance to a 'safe account' while they 'secure' yours.

—The pressure to stay on the line. "Don't hang up or the transfer completes." Staying on the line, and off the phone to your real bank, is the only way the scam survives.

Notice what every version has in common: at the decisive moment, you are asked to perform the action — read the code, tap validate, confirm the transfer. That is not incidental. The criminal may already have your password from a breach, but your bank's defences still need one final human approval, and only you can give it. The entire performance exists to make you supply that last tap yourself.

Recreated iPhone incoming-call screen showing a spoofed caller ID reading 'Votre banque — Service sécurité · anti-fraude' with a French phone number, the example used to illustrate the faux conseiller bancaire scam. — What the spoofed call looks like, recreated. The number is faked (spoofing) to display as your bank's; the “Service sécurité · anti-fraude” label and the calm professional who already knows your address are the bait. Example only — not a real call, the screen is inert.

The one thing your real bank will never do

Strip away the theatre and the whole scam rests on getting you to do something no genuine bank will ever ask of you by phone. Your bank will never ask you to:

—Move money to a 'safe', 'holding' or 'secure' account. There is no such thing. A bank protects your money where it already sits; it never phones you to transfer it elsewhere.

—Read out a one-time code (3-D Secure / SMS code). Those codes approve actions on your account. Reading one to a caller hands them the approval they're missing.

—Validate or confirm a payment 'to cancel it'. Confirming a payment sends it. 'Validate to block the fraud' is the fraud.

—Give your full card number, passwords or secret answers. Your bank already has what it needs and never asks you to recite credentials to verify yourself.

—Install remote-access or 'support' software. A fraud team does not take control of your phone or laptop to 'help'.

If a caller asks for any one of those, you do not need to work out whether the rest of the call was genuine. The request alone is your answer. Hang up.

How to shut it down

1Hang up — a real fraud department is fine with that. The whole scam depends on keeping you on the line, anxious and rushed. You are always allowed to hang up. A genuine bank security team will never be offended that you ended the call to verify; a criminal will pressure you to stay on. Ending the call costs you nothing and breaks the spell.

2Call your bank back yourself, on the number on your card. Do not call back the number that called you, and do not use a number the caller gives you. Use the number printed on the back of your bank card or in your official banking app. If the 'emergency' was real, it will still be there when you call in. If it was a scam, the real bank will tell you so.

3Never read out a code, never validate a payment to 'cancel' it. The one-time codes your bank sends, and the validations in your banking app, exist to approve YOUR actions — sending money, adding a payee. A criminal who has your password still needs you to read the code or tap 'validate'. 'Confirm this to block the fraud' is a lie: confirming it IS the fraud. No legitimate agent ever needs your code.

4Never move money to a 'safe account' or install 'support' software. There is no such thing as a safe account your bank moves your money to over the phone, and your bank's fraud team does not need remote-control software on your device. Both are the theft itself, dressed as the rescue.

5Treat the caller ID as meaningless. Spoofing lets the screen show your bank's real number. A matching number is not verification. The only verification is you hanging up and calling the official number yourself.

6If you already paid: report in minutes and in writing. Call the bank's official line to block and freeze, file a Perceval (card) or THÉSÉE (online fraud) report via service-public.fr, ring Info Escroqueries on 0 805 805 817, and put your dispute to the bank in writing the same day. Speed and a paper trail are what get money back.

If you already paid — the emergency steps

If you moved money, read out a code, or validated a payment, treat it as live and move in this order:

1Call your bank now on its official number (on your card), report the fraud, and ask them to block the transfer and freeze the account. Do this before anything else — a transfer caught early can sometimes be recalled.

2Put your dispute in writing the same day. Under the French monetary code an unauthorised payment reported without delay must in principle be refunded; banks often argue you "authorised" it, so a dated, written report protects you.

3If a card was used, file a Perceval report through service-public.fr; for other online fraud, file on the THÉSÉE platform there.

4Call Info Escroqueries on 0 805 805 817 for guidance on your next steps, and France Victimes on 116 006 for free support.

5Change your online-banking password and any reused passwords from a different, trusted device, and turn on the strongest app-based validation your bank offers.

6Report the fraud to cybermalveillance.gouv.fr, or use our international reporting directory if you are abroad.

Then expect the second call. People who have just lost money are sold to other criminals as a fresh target for a recovery scam — someone who phones claiming to be a lawyer, a regulator, or a "fund recovery" service that can get your money back for an upfront fee. No legitimate body charges you in advance to recover stolen money. The recovery offer is the same predators coming back for what's left.

From the field. The cruel part of this scam is that doing nothing wrong still isn't enough. You didn't click a dodgy link or fall for a typo-ridden email — you answered your phone, and a calm professional who knew your address told you your savings were under attack. Fear does the rest, and fear doesn't care how clever you are. The defence isn't being harder to fool; it's having one fixed habit that fear can't override: hang up, and call the bank back on the number on your card. Make that automatic and the script has nothing to grab.

The one rule

If you take one habit from this piece, take this: no genuine bank ever asks you, by phone, to move money, read a code, or validate a payment. Hang up and call back on the number printed on your card. The caller who already knows your IBAN knows it because it was stolen — not because they're your bank.

Got a call like this — and not sure what you said? Tell us before you panic.

Describe the call and what you shared. A real expert reviews every case and replies within 24 hours — free, confidential, nothing to sell.

Submit a free case review →Scammed in Europe — can you get it back? →

Common questions about the faux conseiller bancaire scam

What is the faux conseiller bancaire scam?

It is the fake bank-advisor scam: a caller pretends to be from your bank's fraud or security department, says your account is under attack, and talks you into 'protecting' your money — by reading out the codes your bank texts you, validating a payment in your app, or moving funds to a 'safe account' that belongs to the criminal. France's cyber-victim platform Cybermalveillance.gouv.fr has reported a sharp rise in this fraud. What makes the 2026 version so dangerous is that the caller often already has your real details — name, address, and even your IBAN — so the call sounds genuine from the first second.

How do the scammers already know my bank details?

From large data breaches. In 2024, French companies were breached on a mass scale — the telecoms operator Free confirmed attackers accessed data for around 24 million customers, including roughly 5 million IBANs, and France Travail (the public employment agency) reported a breach affecting some 36.8 million people. With your name, address, date of birth, phone number and IBAN circulating, a criminal can build a call that already 'knows' you. The data is the reason the script works.

Will my real bank ever ask me to move money to a 'safe account'?

No. This is the single most important rule. A genuine bank will never call and ask you to transfer your money to a 'secure' or 'holding' account, to read out a one-time code or validate a payment 'to cancel it', to give your full card number or passwords, or to install software so they can 'help'. Every one of those is the scam. If a caller asks for any of them, hang up and call your bank back yourself on the number printed on your card.

The number that called me was my bank's real number — how?

That is spoofing: software lets a caller display any number they choose, including your bank's or a public administration's. A matching number on your screen proves nothing. France has begun rolling out anti-spoofing authentication for calls, but you cannot rely on the displayed number to tell you a call is genuine. Treat the caller ID as decoration, not proof.

I already moved money or validated a payment — what do I do now?

Act in minutes, not hours. Call your bank immediately on the official number to report the fraud and ask them to block the transfer and freeze the account — under the French monetary code, an unauthorised payment you report promptly must in principle be refunded, though banks often resist when they argue you 'authorised' it, so report fast and in writing. If a bank card was used, file a Perceval report via service-public.fr; for other online fraud, use the THÉSÉE platform. Call Info Escroqueries on 0 805 805 817 for guidance, and France Victimes on 116 006 for support. Then ignore anyone who later offers to 'recover' your money for a fee.

Sources & further reading

Claims in this piece are attributed to these sources. Click any of them to verify.

Your bank's "fraud team" calls — and they already know your name, address and IBAN. That's exactly why it isn't your bank.