Saturday, July 11, 2026Sat, Jul 11
HomeTechBanking Fraud Explodes in Portugal: How Scammers Steal Your Money Over the Phone
Tech · National News

Banking Fraud Explodes in Portugal: How Scammers Steal Your Money Over the Phone

24 banking scams hit Portugal in one day. Fraudsters use phone spoofing to drain accounts. Learn the warning signs and PSP's protection steps now.

Banking Fraud Explodes in Portugal: How Scammers Steal Your Money Over the Phone
Lisbon bank building with legal documents illustrating financial crime investigation and money laundering case

The Portugal Security Police (PSP) recorded 24 separate banking phone fraud attempts in a single day this month, marking what authorities now describe as an exponential surge in sophisticated scams targeting residents and their savings accounts. The spike, registered on July 7, underscores a broader pattern that has seen hundreds of similar incidents across the country during the first half of 2026, prompting coordinated warnings from law enforcement, the Portugal Central Bank, and the Public Prosecutor's Office.

Why This Matters

Volume and speed: With 24 cases in one day and the Portugal National Guard (GNR) logging 44 "false banker" scams in Q1 alone, the threat is now daily and widespread.

Sophisticated tactics: Criminals use number spoofing to make fraudulent calls appear legitimate on your phone screen, mimicking your bank's official contact.

Financial loss risk: Victims are tricked into transferring savings to fake "security accounts" or surrendering two-factor authentication codes, enabling instant theft.

Target demographics: While anyone can fall victim, older residents and those less familiar with digital banking security remain especially vulnerable.

How the Scam Operates

The fraud typically unfolds in stages, each designed to exploit trust and create panic. It begins with an SMS or email alert claiming irregular activity on the victim's account—a suspicious transfer, unauthorized login attempt, or payment hold. These messages appear to originate from recognizable financial institutions such as Millennium BCP, Caixa Geral de Depósitos, Santander, Banco CTT, or Montepio, all of which have issued public warnings this year about impersonation schemes.

The message urges immediate contact via a phone number embedded in the text. Alternatively, the scammer may place an outbound call directly to the target. Here, the technique of caller ID spoofing becomes critical: the victim's phone displays what looks like the bank's legitimate helpline or even the institution's name, lending false credibility to the interaction.

Once contact is established, the fraudster adopts a calm, professional tone, using technical banking jargon and simulating procedural elements such as hold music, departmental transfers, and security protocols. This performance is engineered to mimic genuine customer service interactions and disarm suspicion. The caller insists on urgency, warning that funds are at risk and immediate action is required to prevent loss.

The end goal is twofold: to convince the victim to wire money to a so-called "security account" allegedly set up to protect their balance, or to extract sensitive information—account credentials, PINs, second-factor authentication codes sent via SMS or generated by banking apps. In either scenario, the victim unknowingly authorizes the transfer of their own money into accounts controlled by the criminals.

In some variations, scammers request the installation of remote-access software, disguised as antivirus protection, which grants them direct control over the victim's device and access to digital banking platforms.

What Portugal Authorities Are Advising

The PSP, GNR, Portugal Central Bank, and Public Prosecutor's Office have issued a unified set of protective measures for residents:

Never use contact numbers provided in unsolicited SMS or email. Always verify by navigating to the bank's official website or using the number printed on the back of your payment card.

No legitimate bank requests transfers to "security accounts." This concept does not exist in standard banking practice. Any such request is fraudulent.

Do not share authentication codes, PINs, or passwords over the phone. Banks will never ask for these details via call, text, or email.

Beware of high-pressure tactics. If a caller insists on immediate action or threatens account closure, hang up. Contact your branch manager or official customer service line independently to verify the claim.

Understand spoofing limitations. Even if your screen displays your bank's name or known number, this information can be falsified. Treat unexpected calls with skepticism.

Avoid clicking links in unsolicited messages. These may redirect to phishing sites designed to harvest login credentials or install malware.

What This Means for Residents

For anyone living in Portugal, the practical implications are clear: your phone is now a primary attack vector. The convenience of mobile banking has introduced a corresponding vulnerability, and the criminals exploiting it are organized, technically proficient, and persistent.

If you believe you have been targeted, act immediately. Change your online banking credentials through the official app or website, contact your bank to freeze cards or accounts, and file a formal complaint with the PSP, GNR, or Public Prosecutor's Office. Collect all evidence—text messages, call logs, transaction receipts—to support your case. The Portugal Central Bank also accepts fraud reports via email at info@bportugal.pt.

Equally important is prevention through awareness. Share these warnings with family members, particularly elderly relatives who may be less familiar with digital fraud techniques. The GNR recorded approximately 300 "false official" scams in the first quarter of 2026, many of which targeted older adults through variations of the banking scam or impersonation of government officials.

Broader Fraud Landscape in 2026

Banking phone fraud is not occurring in isolation. Portugal has also seen a rise in cryptocurrency investment scams and fake accident schemes, the latter involving calls to elderly victims falsely claiming a family member has been involved in an incident and requires urgent financial assistance. These schemes share common elements: urgency, emotional manipulation, and exploitation of trust in authority figures.

The coordinated response from multiple government entities signals the seriousness with which officials are treating the trend. However, enforcement faces challenges. Many operations are run from outside Portugal using Voice over IP (VoIP) technology, which obscures physical location and complicates jurisdiction. There is also evidence that scammers are beginning to deploy artificial intelligence to generate more convincing voice interactions, further blurring the line between legitimate and fraudulent communication.

Regulatory and Institutional Response

The Portugal Central Bank has reinforced its guidance to financial institutions, urging them to improve customer education and implement stricter identity verification protocols for sensitive transactions. Several major banks now send proactive alerts via their official apps when unusual activity is detected, and some have introduced mandatory cooling-off periods for large transfers initiated outside normal account behavior patterns.

The PSP has increased digital literacy campaigns, particularly in rural areas and among populations with lower rates of digital engagement. Public service announcements, distributed through social media, television, and community centers, emphasize the red flags of phone fraud and the steps to take when targeted.

Still, the onus remains largely on individuals to recognize and resist these scams. Unlike card fraud, where banks can reverse unauthorized charges, transfers initiated by the account holder—even under false pretenses—are difficult to recover. This makes prevention the most effective defense.

Staying Ahead of the Threat

Residents are encouraged to adopt a default posture of skepticism toward any unsolicited financial communication. Verify independently, never act under pressure, and remember that legitimate institutions will never ask you to compromise your own security measures. If something feels wrong, it probably is.

The 24 cases logged in a single day represent only those reported; the true figure is likely higher, as many victims hesitate to come forward due to embarrassment or the belief that recovery is impossible. By increasing public awareness and fostering a culture of caution, authorities hope to reduce both the incidence and success rate of these schemes.

In a financial ecosystem increasingly reliant on remote access and digital verification, the human element remains both the weakest link and the strongest defense. Understanding how these scams work, recognizing the tactics employed, and knowing when to disengage are now essential skills for anyone managing money in Portugal.

Tomás Ferreira
Author

Tomás Ferreira

Business & Economy Editor

Writes about markets, startups, and the digital forces reshaping Portugal's economy. Believes good financial journalism should make complex topics feel approachable without cutting corners.