The Tangerine Scam (2026) | Tutela Digitalis

The short answer

The "Tangerine scam" is impersonation, not a breach of the bank. A text or email that looks like Tangerine warns of "unusual activity" and links you to "verify your account" — the link opens a fake Tangerine login page that captures your Client Number, password, security questions and one-time passcode (OTP). With those, the fraudster logs in and empties the account (an account takeover). Tangerine's own security pages describe exactly this. The one rule that defeats it: Tangerine never texts or emails you a link to log in, and never asks for your Client Number, password, PIN, security questions or OTP. Below is a recreated example, then a beat-by-beat decode.

If you bank with Tangerine, look at the message below before you ever tap a "verify your account" link. The scam doesn't break Tangerine's security — it borrows Tangerine's voice and your own instinct to protect your money.

Recreated example of a Tangerine smishing text on a phone: a message from an unknown sender reading 'Tangerine: We've detected unusual activity on your account. Verify now to avoid suspension' with a fake link, decoded beside it — the unknown sender, the urgency, the login link a real bank never sends, and the rule to open the official app yourself. — What the scam looks like, recreated from Tangerine's own described pattern — a real bank never texts you a login link. Example only, not a captured real message; link disabled.

Why a "security alert" is the perfect disguise

A fraud warning is the one message you're primed to act on fast — which is exactly why scammers wear it. The text mimics the alert you'd want, attaches a deadline ("verify now to avoid suspension"), and gives you a single, helpful-looking button. Tangerine, the Canadian Anti-Fraud Centre and Canadian media have all flagged bank-impersonation as one of the fastest-growing fraud types; the CAFC reported Canadians lost more than $704 million to fraud in 2025 — a record — and estimates only 5–10% of fraud is ever reported, so the real total is far higher. Tangerine itself lists account takeovers and impersonation among the threats to watch.

It's the same engine as the fake bank-app text in the UAE and the fake "fraud team" call everywhere: impersonate the bank, manufacture urgency, and get you to hand over the one credential — the one-time code — that's supposed to keep you safe. There's nothing to "hack" when you type the code in yourself.

Anatomy of the scam — decoded

The Tangerine smishing scam is a short sequence built on fear and a helpful-looking link. Naming each move is what makes it visible.

1The 'unusual activity' alert

“Tangerine: We've detected unusual activity on your account. Verify now to avoid suspension.”

The lever — Authority + fear. It looks like the exact alert a careful person hopes their bank sends. The brand name, the threat to your money, and the deadline together switch off deliberation — you want to fix it before anything bad happens. That urgency is the product, not a side effect.

The counter — A real Tangerine alert never carries a login link or a deadline to 'verify.' The pressure to act in seconds is the tell.

2The link to a fake login page

The link opens a page that looks just like Tangerine's and asks you to log in to 'confirm your details.'

The lever — The verify reflex. The page is a near-perfect copy. As you 'log in,' it harvests your Client Number, password and security questions in real time. Because you went there to protect your account, typing your credentials feels like the responsible thing to do.

The counter — Banks don't send you to a login page by link. Open the Tangerine app yourself or type tangerine.ca — never authenticate through a link someone sent you.

3The one-time code that hands over the account

The page asks for the verification code Tangerine just texted you. You enter it.

The lever — The code feels like security. The one-time passcode feels protective, so handing it over feels safe. But the fraudster is logging in at that exact moment, and your code is the last door. The instant you type it, they're in — and they can move money and lock you out.

The counter — A one-time code is the key to your account. No legitimate process ever needs you to read it out or type it into a page you reached from a link. Tangerine will never ask for it.

Two things that follow. First, the recovery trap: if a fraudster used your stolen credentials, you may be covered by zero-liability — but Canadian banks can refuse it if they decide you "contributed" by sharing a password or code, which is exactly what phishing is designed to make you do. Second, within days a "fraud department" may call to "help secure your account" or "recover your money" — that is the second scam. Real banks and authorities never cold-call asking you to move money or confirm a code.

What to do

1Don't tap the link. A real Tangerine message never sends you to a login page — open the app yourself or type tangerine.ca. To check a suspicious email, forward it to phishing@tangerine.ca.

2Remember what Tangerine will never ask for: your Client Number, password, PIN, security questions, or one-time code. Any message that asks is a scam — full stop.

3If you entered any details, act fast: call Tangerine to lock the account (it lists 1-888-826-4374 for suspicious activity and 1-888-723-3304 for phishing), change your password and any you reused, and turn on 2-Step Authentication.

4Place a fraud alert with Equifax and TransUnion, report to the Canadian Anti-Fraud Centre (1-888-495-8501), and see the full Canada reporting directory and recovery odds.

5Unsure whether a message or site is real? Run it through our Scam Checker or send it to our free case review before you act.

From the field. What makes the Tangerine text work is that it weaponises your good instincts. You're not being tricked into greed or a too-good deal — you're being told your money is in danger and handed a fast way to protect it. Everything after that feels responsible: clicking, logging in, confirming the code. The scam needs only the few seconds in which "verify my account" overrides "banks don't send login links." So the defence isn't suspicion of every message — it's one boring rule that costs nothing: you never log in through a link someone sent you, and you never share a one-time code. Go to the bank; don't let the message bring the bank to you.

Got a "Tangerine" text you're not sure about? Send it to us first.

Paste the message or the link. A real expert reviews every case and replies within 24 hours. Free, confidential, no pressure — before you tap anything.

Submit a free case review →Where to report a scam in Canada

Common questions about the Tangerine scam

What is the Tangerine scam?

It's an impersonation scam, not a breach of Tangerine itself. You receive a text or email that looks like it's from Tangerine, warning of "unusual activity" or that your account is locked, with a link to "verify your account." The link goes to a fake Tangerine login page that captures your Client Number, password, security questions and one-time passcode (OTP). With those, the fraudster logs in and drains the account — what Tangerine calls an account takeover. Tangerine's own security pages describe exactly this pattern. The single rule that defeats it: Tangerine never sends a text or email asking you to log in through a link, or asking for your Client Number, password, PIN, security questions or OTP.

How do I tell a real Tangerine message from a fake one?

Read what it asks you to do, not how official it looks. Tangerine states it will never email or text you asking for your Client Number, Account Number, security questions, PIN or one-time passcode — and it won't send you a link to log in. A genuine alert tells you to open the Tangerine app yourself; a scam gives you a link or a number to call. When in doubt, don't tap anything: open the official app or type tangerine.ca yourself, or call the number on the back of your card. You can forward a suspicious email to phishing@tangerine.ca to have it checked.

Will Tangerine refund money lost to the scam?

Be realistic — Canada has no law that forces a refund, so it's case-by-case and at the bank's discretion. If the transactions were unauthorised (a fraudster used your stolen credentials), you may be covered under Interac's or the card network's zero-liability policy — but it is not automatic, and banks can deny it if they decide you "contributed" by sharing a password or one-time passcode. That's the cruel catch with phishing: its whole purpose is to get you to hand over that code, which the bank may then treat as your fault. Money you were tricked into sending yourself by Interac e-Transfer is the hardest of all to recover; CBC's Go Public has documented many Canadians refused reimbursement. Report fast and see our Canada guide for the full process.

I clicked the link / entered my details — what do I do now?

Act immediately. Call Tangerine to report it and lock the account (Tangerine lists 1-888-826-4374 for suspicious activity and 1-888-723-3304 for phishing), and forward the message to phishing@tangerine.ca. Then change your Tangerine login and any password you reused, enable 2-Step Authentication, place a fraud alert with Equifax and TransUnion, and check your other accounts for unauthorised activity. Report it to the Canadian Anti-Fraud Centre (1-888-495-8501) and the police. Be wary of anyone who then calls offering to "recover" your money or claiming to be the bank's fraud department — that is the second scam.

Sources & further reading

Claims here follow Tangerine's own security pages, the Canadian Anti-Fraud Centre, and CBC's Go Public reporting on Canadian bank-fraud reimbursement. The recreated message is built from Tangerine's described pattern, not a captured real text.

A text from "Tangerine" says your account has unusual activity. The link is a trap, and the code you type next hands over your account.