FaceTime Scammers Impersonate Banks to Steal Passwords and Drain Accounts

Victims' bank accounts are drained through unauthorized access to their online banking credentials and security codes.
The scammer watches in real-time while victims expose passwords and security codes
This is the moment of actual theft in the FaceTime scam, when fraudsters gain access to banking credentials.

In an age when trust is increasingly mediated by technology, fraudsters have learned to wear the face of legitimacy itself — exploiting FaceTime's reputation for security to extract banking credentials from unsuspecting victims in real time. The scheme begins with manufactured urgency, a text or call suggesting financial peril, and ends with a screen-share that turns the victim's own device into a window for theft. What makes this moment significant is not merely the mechanics of the fraud, but what it reveals: that the tools we reach for in moments of fear can become the very instruments of our undoing. The defense, as it has always been, lies not in the platform but in the pause.

  • Scammers are draining bank accounts by hijacking FaceTime — a platform people instinctively trust — to watch victims log in and hand over security codes in real time.
  • The attack is engineered around panic: a fake fraud alert creates just enough fear to short-circuit skepticism before the victim has time to question who they're really talking to.
  • The shift to video adds a dangerous layer of false credibility — a face on screen, even a fabricated one, makes the request to share a screen feel like standard customer service procedure.
  • Apple has opened a fraud reporting channel and is urging users to capture suspicious calls, but the company is clear that behavioral vigilance — not technology — is the primary line of defense.
  • The scam collapses the moment a victim hangs up and dials the number printed on their bank card, a single independent verification step that severs the entire chain of manipulation.

The attack arrives quietly — a text about suspicious account activity, or a call from someone claiming to be your bank. The victim is guided toward a number to call, and then comes the pivot that makes this scam distinctive: a request to move the conversation to FaceTime. Once on the video call, the fraudster asks to see the victim's screen. From there, the theft is almost passive — the scammer simply watches as the victim logs into their own banking account, capturing passwords, account numbers, and the one-time codes designed to prevent exactly this.

The scheme works because it weaponizes trust in a platform. FaceTime carries an implicit sense of legitimacy, and fraudsters have built their entire operation around that perception. A person who would never share credentials over a standard call may lower their guard on a platform that feels official. The visual element — a face on screen — adds another layer of false authority, and the request to share a screen feels reasonable when framed as a bank representative trying to help resolve a problem.

Apple has responded by urging users to photograph suspicious FaceTime calls and report them to reportfacetimefraud@apple.com. But the more durable protection is behavioral: no legitimate bank will ever ask for a password, passcode, or two-factor authentication code under any circumstances. If a message warns of account trouble, the right move is to hang up and call the number on the back of your bank card — not the number in the text. That one step, verifying the contact independently, is enough to break the scam before it can take hold.

The scam arrives as a text message about suspicious account activity, or sometimes as an unexpected call from someone claiming to represent your bank. The victim is instructed to call a number or provide verification. Then the fraudster makes a move that feels almost natural: they ask to switch to FaceTime. On the video call, they request something that should never be granted—access to the victim's computer screen. What happens next is straightforward theft. As the victim logs into their online banking account, the scammer watches in real time, seeing passwords, account numbers, and the one-time security codes that are supposed to protect against exactly this kind of intrusion. By the time the call ends, the account is compromised.

This scheme is spreading because it exploits something that works in its favor: people trust FaceTime. Apple's video calling app carries an implicit promise of security, a sense that it's a legitimate channel for communication. Fraudsters have recognized this and built their entire operation around it. They know that a consumer who would never share sensitive information over a regular phone call might lower their guard on a platform that feels official, that feels safe.

The anatomy of the attack is deliberate. It begins with urgency—a text or call suggesting that something is wrong with the account, that immediate action is required. This pressure is the hook. Most people, when told their bank account might be compromised, will respond quickly and without full skepticism. The scammer then escalates the interaction to FaceTime, where the visual element adds another layer of false legitimacy. Seeing a face on screen, even one that may or may not belong to an actual person, makes the request feel more official. The request to share the screen seems reasonable in context—the "representative" needs to see what's happening to help resolve the problem. By this point, the victim is already in a state of mild panic and trust has been established through the conversation itself.

Apple has acknowledged the problem and is urging consumers to report suspicious calls. The company recommends taking a live photo of any FaceTime call that seems fraudulent and sending it to reportfacetimefraud@apple.com. But the real defense is behavioral. Banks will never ask for passwords, passcodes, or two-factor authentication codes—not over FaceTime, not over the phone, not in any legitimate circumstance. Anyone who pressures you to move money or share credentials immediately should be treated as suspicious, regardless of how official they sound or how real the video call appears. If you receive a text about account problems, don't call the number in the message. Instead, hang up and dial the number on the back of your bank card. That simple step—verifying the contact independently—breaks the chain of the scam before it can take hold.

The scammer watches in real-time while victims expose passwords, account numbers and even one-time security codes
— CBS News national consumer correspondent Ash-Har Quraishi
Apple will not ask for a customer's password, passcode or two-factor authentication code
— Apple
La Conversación del Hearth Otra perspectiva de la historia
Inventor

Why does FaceTime specifically make people more vulnerable than a regular phone call?

Model

Because it looks official. A voice on the phone is easy to doubt. A face on screen, even a stranger's face, creates a false sense of legitimacy. People associate FaceTime with trusted communication. The scammer is counting on that.

Inventor

So the screen-sharing part is where the actual theft happens?

Model

Exactly. That's the moment of exposure. The victim logs in while the scammer watches. Passwords, account numbers, security codes—it all becomes visible in real time. Once the scammer has those, the account is theirs.

Inventor

What makes someone vulnerable to the initial text or call?

Model

Urgency. The message says something is wrong with the account. Most people panic a little when they hear that. They're not thinking clearly. They're thinking about protecting their money. That's when they're most likely to follow instructions without questioning them.

Inventor

If someone realizes mid-call that something is wrong, can they stop it?

Model

Yes. Hang up immediately and call your bank directly using the number on your card. Don't use any contact information from the suspicious message. That one step—verifying independently—breaks the entire scheme.

Inventor

What should someone do if they think they've already been scammed?

Model

Contact their bank right away. Change passwords. Monitor the account closely. And report the FaceTime call to Apple if they can. The faster you act, the better chance you have of limiting the damage.

Quieres la nota completa? Lee el original en CBS News ↗
Análisis de cobertura

Cómo se cubrió esta historia

Ver el Register completo de este día →

1 medios cubrieron esto

El costo humano

0 de 1 reportes nombraron a las personas afectadas.

Enfoque y encuadre

Nombrados como actuando: Unnamed fraudsters — scammers impersonating bank representatives — operating via FaceTime globally

Nombrados como afectados: Bank consumers tricked into screen-sharing during fraudulent verification calls

Basado en el análisis de Echo Harbor sobre cómo los medios informaron esta historia.

Contáctanos FAQ