Phishing & Account Takeover: How It Works and How to Recover

Stolen credentials or authorised push payments that drain a bank account. Also known as bank fraud, APP fraud, smishing.

How the fraud works

Phishing and account takeover use fake emails, texts ('smishing') or calls impersonating your bank to harvest credentials or one-time codes — or to push you into authorising a payment yourself (authorised push payment fraud). Funds are then moved out rapidly through mule accounts.

Warning signs

  • Urgent links to 'verify' or 'secure' your account
  • Callers who already know some of your details
  • Requests to read out one-time passcodes
  • Being told to move money to a 'safe account'
  • Slightly-wrong sender addresses or numbers

Evidence to preserve

If you have been affected, gather:

  • The phishing message, number or email header
  • Date and detail of the unauthorised or pushed payments
  • Your report reference from the bank
  • Any login alerts or device notifications
  • Recipient account details, if known

How victims recover funds

The primary recovery route is card chargeback (Visa / Mastercard). A chargeback reverses a card payment by raising a dispute through the Visa or Mastercard scheme via your issuing bank, which claws the funds back from the merchant's acquirer under defined dispute reason codes.

Report to your bank immediately to trigger a recall and fraud investigation. Unauthorised transactions are reimbursable under PSD2 across the EEA, and unresolved complaints can be escalated to the ombudsman.
