Fraud Prevention
FRAUD AND CYBER THREAT LANDSCAPE
What Every Business Needs to Know
Fraud and cyber threats continue to grow in both volume and sophistication, putting businesses of all sizes at risk. To help you stay informed and protected, we’ve created this guide to highlight today’s most common and impactful fraud and scam trends affecting business operations.
This resource outlines key risks such as bank impersonation scams, business email compromise, AI‑driven impersonation, ACH fraud, account takeover attempts, and other emerging schemes targeting payments, financial systems, and employees. Our goal is to provide clear, actionable insights that help strengthen internal controls and reduce exposure to fraud.
Type
Description
What to Watch For
Type
Bank Impersonation
Scams
Description
Scammers pose as a legitimate bank via calls, texts, emails, or apps to pressure victims into revealing credentials or moving money. They rely on urgency and fear, such as fake fraud alerts, to trick people into acting quickly without verification.
What to Watch For
· Urgent or threatening messages demanding immediate action, requests for username, passwords, RSA token codes, PINs, or full account details.
· Requests to move money to a “safe” account or buy gift cards/crypto.
· Unexpected links, attachments, or caller ID/email domains that look slightly off.
· Being told not to contact the bank directly or to keep the interaction secret.
Type
Business Email Compromise (BEC)
Description
Criminals impersonate executives, vendors, or partners to redirect payments or request urgent fund transfers. Uses email spoofing or hacked accounts. Often involves fraudulent invoice changes or fake wire instructions.
What to Watch For
Unexpected requests to change payment details, urgent financial instructions sent via email, or subtle email address variations.
Type
AI‑Enhanced
Impersonation and Deepfake Scams
Description
Fraudsters use AI-generated voice or video to impersonate leaders, financial institutions, vendors, or technical support personnel.
What to Watch For
Unusual voice calls requesting urgent transfers, video calls with poor synchronization, or instructions outside normal procedures.
Type
ACH Fraud and
Payment Redirection
Description
ACH fraud is rising, including unauthorized payment redirection and false-pretense credits. The National Automated Clearing House Association implemented 2026 rule changes to combat these schemes.
What to Watch For
Requests to update vendor banking information, payroll deposit changes, or irregular ACH disbursements.
Type
Account
Takeover (ATO)
Description
Attackers gain access to business banking through phishing, credential theft, or malware for the purposes of initiating unauthorized transactions, financial theft or identity theft.
What to Watch For
Unexpected login alerts, unexpected password resets, one-time password/MFA notifications, or unauthorized device sign‑ins.
Type
Check Fraud
Description
Fraudsters are using AI to create realistic counterfeit checks and exploit remote deposit tools.
What to Watch For
Altered checks, duplicate check numbers, or unfamiliar remote deposits.
Type
Money Mule Schemes
Description
Businesses or employees may be recruited, knowingly or unknowingly, to move illicit funds, often through job or work‑from‑home scams.
What to Watch For
Requests to deposit or transfer funds for unfamiliar parties or offers of payment for simply “moving money.”
Type
Agentic Bot and Automated Social Engineering Attacks
Description
AI‑powered bots can impersonate contacts, conduct conversations, and manipulate employees into releasing funds or sensitive information.
What to Watch For
Emails or messages that feel unusually polished, automated, or persistent.
Type
Authorized Push Payment (APP) Scams
Description
Employees are manipulated into voluntarily sending money to fraudsters, often through social engineering or vendor impersonation.
What to Watch For
Requests for rushed payments (especially cryptocurrency), which may involve new or updated instructions, and too good to be true opportunities.
Type
Phantom Hacker Scams
Description
Fraudsters pose as banks, cybersecurity teams, or federal agencies telling individuals and businesses their accounts are “at risk,” then instruct them to move money to a “safe” account.
What to Watch For
Anyone claiming you must urgently transfer funds for security reasons.
Type
Email‑Focused Financial Fraud
Description
Highly convincing email scams that avoid suspicious links and rely on conversational manipulation or direct you to call a number provided (callback phishing) for assistance. Common versions include:
· Fake fraud alerts.
· Fake invoices or charges.
· Unexpected or “urgent request” emails.
· Account freeze warnings.
What to Watch For
· Any financial request made exclusively through email, verify using another trusted contact method before acting.
· Never call a number provided in an unexpected email.
· Look up the official telephone number online.
Type
Financial Relief and Assistance Scams
Description
Scammers mimic relief programs, grants, and government assistance to harvest banking details.
What to Watch For
Urgent messages claiming eligibility for relief funds or requesting sensitive financial data.
How Your Business Can Stay Alert
- Always verify payment instruction changes using a phone number on file, not email.
- Implement multi‑factor authentication (MFA) and review account permissions regularly.
- Train employees on identifying phishing, impostor behaviors and other social engineering tactics.
- Use separation of duties for payment approvals.
- Contact us immediately if you suspect fraud.