A "security" call asked for access. I gave it.

A caller ID showed a name I recognised, and the voice said Amazon (another time PayPal) security had flagged unauthorised purchases on my account.

They sounded calm and professional, and they already knew my first name from the lead list.

They walked me through installing remote-access software “so they could remove the threat,” then had me read two-factor codes aloud while they logged in from their side.

Within an hour purchases and transfers appeared that I had not made.

Brand impersonation over the phone is designed to feel like help; combined with remote control and one-time codes, they emptied linked cards and wallets.

The real companies do not ask you to hand over screen control or SMS codes to a cold caller.

I thought I was protecting the account; the urgency in their tone made waiting or hanging up feel reckless.

When I opened the official app on my own phone, support had no record of the call and the activity list showed logins from places I had never been—that was the point I knew the “security team” was the attacker.

Disputes and password resets took weeks; I lost money I am still chasing on one card, and I flinch when any unknown number rings.

I hang up on every unsolicited “fraud” call and only call back on the number in the app or on the card.

• Never give remote access or read 2FA codes to someone who called you.
• Log in only through the official app or site you open yourself; report vishing to the platform and FTC (US) or local fraud lines.

For more help, see our Report a scam page and Spot and avoid scams guide.