A call from “the security team”? That’s not us.
In the full article: how the scheme works step by step, the warning signs to spot an attack, and a 6-point checklist to protect your account today.
One Phone Call and Your Account Is Empty
A single phone call can cost a business everything in its account. Fraudsters pose as your bank’s support team, address you by name, rush you – and ask for the code from a text message “to cancel a suspicious payment”. Two minutes later, the money is gone for good.
We analysed real business-account takeover cases from early 2026. The conclusion is clear: 6 out of 10 attacks do not start with hacking, but with an ordinary phone call or link – and in 58% of cases the fraudster’s first move is to change your phone number so they can intercept every code.
Remember one rule: Finom never calls customers to ask for a code, a password, or to click a link. If someone calls “from Finom” asking for any of that – it’s a fraudster.
Discover our business accountWhy this matters right now
Account takeover (ATO) sounds like something technical and rare. In reality, it’s one of the most common and fastest threats facing entrepreneurs. And here’s the key thing to understand: in the vast majority of cases, fraudsters don’t need to hack anything. They need you to open the door for them.
When we examined real incidents from early 2026, we found that 60% of attacks rely on social engineering – in other words, on a conversation – and about half also involve phishing (fake emails and links). Technical breaches, malware, and SIM swaps account for a much smaller share. In short, your biggest risk isn’t a “weak password” – it’s a convincing voice on the other end of the line.
The good news is because these attacks rely on deceiving a person, the defence comes down mostly to simple habits, and not expensive technology.
The one rule worth remembering forever
Before we get into the mechanics, this is the most important point:
Finom never calls or messages customers to ask for a password, a text message or push code, or to click a link to “confirm” or “cancel” a transaction.
Genuine support never needs your codes – they exist precisely to protect you from outsiders. So any call or message “from the Finom security team” making such a request is fraud, no exceptions. If in doubt, simply end the conversation and contact the bank yourself through the app.
Learn about free invoicing serviceHow the scheme works
The most common and most successful scenario is a two-step combination (it accounts for more than 40% of all cases):
- Phishing. You receive an email or text message “from your bank”: “Confirm your login”, “Your account is blocked”, “New device detected.” The link leads to a fake login page that looks exactly like a real one. You enter your username and password and they instantly land with the fraudster.
- Vishing (a call). To get past your second layer of protection, you immediately get a call from “the security team”. A calm, confident voice addresses you by name, references a “suspicious transaction”, and asks you to read out the code from your SMS “to cancel the payment”. That code is your last barrier.
After that, everything happens very fast. Once inside, the fraudster almost always changes the linked phone number first – in 58% of documented cases, it was the very first action recorded. This is the critical moment: the phone is the account’s “master key”. By controlling your number, the attacker receives all text message codes, password-reset links, and confirmations. They then change the email and password – and the rightful owner loses access to their own account entirely.
The money leaves almost instantly. In real cases, a transfer went out within 2 minutes of the credentials being changed – via instant payments that can’t be reversed. What’s more, a third of these attacks are automated: the next step happens in under 10 minutes, because the receiving accounts were set up in advance.
Why even experienced people fall for it
It’s not about being naïve. Fraudsters are professionals at pressing specific psychological buttons:
- Urgency. “The payment goes out in 5 minutes unless you confirm.” There’s no time to think.
- Trust in the brand. The caller knows your name, your company, sometimes even your recent transactions. It sounds like real support.
- Fear of losing access or money. The paradox: a person reads out the code to “save” their account – and that’s exactly how they lose it.
- Authority. “Security team,” “bank officer,” “Google representative” – roles we’re conditioned to obey.
An important detail from the data: the root of the problem often lies outside the bank – in the victim’s compromised email. In 41% of cases, the fraudster already had access to the victim’s email before ever touching the account. Email is the spare key to everything, so protecting it matters just as much as protecting the banking app itself.
Learn more about FinomWhat an attack looks like from the inside: a real-world scenario
The owner of a small company gets a text message: “Finom: a login from a new device was detected. If this wasn’t you, tap here.” They click, see the familiar login form, and enter their details. Nothing seems to happen – they close the page and forget about it.
A minute later, a call: “Hello, this is the Finom security team. We can see an attempt to withdraw €3,900. To cancel it, please read out the code from your text message.” They read it out. “Thank you, the payment is blocked, all good.”
In reality, at that very moment the phone number on the account is being changed, then the email, then the password. A few minutes later, an instant transfer goes out. The entrepreneur notices nothing – the app has stopped sending notifications, because the details are no longer theirs. On average, the problem is discovered only three weeks later – when there’s nothing left to recover.
And again, the key point: in this situation, the real Finom does not call and does not ask for a code. The call itself is itself the sign of an attack.
Warning signs
Be on alert if:
- Someone contacts you first and asks for a code, a password, or to click a link.
- The caller rushes you and won’t let you “hang up and call back”
- You get a notification about a change to your phone, email, or password that you didn’t make.
- Your usual SMS and push messages from the bank suddenly stop arriving
- A link in an email points to an address that’s similar but not exact (e.g. finom-secure.com instead of the real domain).
- You’re asked to move money to a “safe” or “backup” account.
How to protect yourself
Concrete measures, ordered by impact:
- Never read out SMS or push codes to anyone. No genuine bank employee, Finom included, will ever ask for a code – only a fraudster will. This is rule number one.
- Don’t click links in emails or texts. Access your bank only through the official app or a manually typed website address.
- Switch from SMS codes to in-app confirmation (push/passkey) if your bank supports it. Then changing the phone number gives the fraudster no control.
- Protect your email – it’s the second key to everything. Turn on two-factor authentication and use a unique password.
- Use strong, different passwords and a password manager. The same password for email and banking means one breach compromises both.
- Turn on all notifications for logins, data changes, and transactions – so you spot an attack in minutes, not weeks.
- If in any doubt, hang up and log in through the official app yourself.
What to do if you suspect a compromise
If you’ve read out a code, clicked a suspicious link, or see changes you didn’t make – act immediately; every minute counts:
- Open the app and check whether you still have access.
- Change your password in both the bank and your email.
- Contact Finom through the official app and report the takeover – ask them to block the account and transactions.
- Review recent transactions and note anything suspicious.
- Check your phone number and email in the settings – make sure they haven’t been swapped.
- Report the fraud to the police if money was taken.
Speed is everything: instant transfers are almost impossible to recover, but a fast block often saves whatever funds remain.
The bottom line
Account takeover isn’t about brilliant hackers. It’s about a calm voice, a fake link, and one minute of your haste. Fraudsters are after your attention and your trust, not “holes” in the bank. The best defence is a couple of simple but firm habits. And the first one couldn’t be simpler: if someone calls “from Finom” asking for a code – it’s not us. Hang up.
Checklist: 6 things you can do today
- Never share SMS/push codes – not even with “the security team”. Finom never asks for them.
- Enable app-based login or passkey instead of SMS codes.
- Turn on two-factor authentication for your email and set a unique password.
- Get a password manager – different passwords for your bank, email, and other services.
- Turn on all notifications for logins, data changes, and payments.
- Remember the rule: when in doubt, end the conversation and log into your bank yourself through the app.
Last articles

Finom Spotlight: Big things just landed

Business Account Fees in Italy: What You Really Pay For

How to Open a Business Account in Italy (Step-by-Step Guide)

Top Free Business Accounts in Italy (2026)

Top Business Accounts for Startups & SMBs in Italy (2026)

Best Online Business Accounts in Italy (2026)

Top Business Accounts for Freelancers & Sole Traders in Italy (2026)

