Fraud Protection

Email phishing campaigns where malicious actors are impersonating the Small Business Administration (SBA) to collect personally identifiable information (PII) for fraudulent purposes have surfaced. The SBA is particularly concerned about scam emails targeting applicants of the SBA’s Economic Injury Disaster Loan Program asking them to verify their accounts using a third-party online platform to collect PII.

It should be noted that any email communication from the SBA will only come from email accounts ending in sba.gov.

Applicants are advised to help protect their identity and privacy by never providing PII in public-facing comments or responses to third-party emails.

The SBA will not use a third-party platform to:

• Actively seek PII
• Search a third-party platform for or by PII
• “Follow” public users proactively without a waiver

Additionally, federal agencies that provide disaster recovery assistance will never ask for a fee or payment to apply for financial assistance. Loan applicants and borrowers should be vigilant in protecting their personal information and data assets. Visit sba.gov/COVIDfraudalert to learn more about scams and fraud schemes.

Business Email Compromise (BEC) is a scam that targets both businesses and the associated individuals who have the ability to send checks, wire transfers, and ACH transfers. Capitalizing on shifting business practices during the COVID-19 pandemic, BEC fraudsters impersonate vendors and ask for payment outside the normal course of business. In a typical BEC scheme, the victim receives a message supposedly from a company the victim normally conducts business with. The message requests that standard payment practices be altered in some way, such as by sending money to a new account. Be on the lookout for the following:

• A sense of urgency and last-minute changes in wire instructions or recipient account information
• Last-minute changes in established communication platforms or email account addresses
• Communications only by email and refusal to communicate via telephone
• Requests for advance payment of services when not previously required
• Requests from employees to change direct deposit information

For more information, visit fbi.gov.

There is a rising trend of romance-related scams online, in which fraudsters are persuading individuals to send money or to invest and trade cryptocurrency.

Scammers often create fake profiles on dating apps or social media sites and start conversations with their targets to build trust. Once they have gained the victim's confidence through an online relationship, they claim to have knowledge of cryptocurrency investment or trading opportunities that will result in profit. Other times, they make up a story and ask for money. Typically, the scammer directs the victim to a website or application that requires confidential information.

Follow these tips to protect yourself from online romance scams:

• Never send, trade, or invest your money per the advice of someone you met online.
• Keep your financial status private to unknown individuals.
• Keep your information private. Never share banking information, Social Security Numbers, your identification or passport to anyone online.
• Be cautious of online investment opportunities that promote large profits and individuals who claim to have exclusive opportunities.
• Be aware of people who urge you to act fast, especially when it comes to sending or investing your money.

For more information about romance scams, visit ftc.gov.

Cybercriminals are using the uncertainty surrounding the Coronavirus (COVID-19) pandemic to sell bogus products or use fake emails, texts, and social media posts to take your money and get your personal information.

We have recently seen an increase in fraudulently obtained unemployment benefits where the fraudster has filed an unemployment claim on behalf of a person who is actually still working. Then, by way of a separate event involving a romance-type scam, the criminal convinces the victim to provide their bank account information so that the criminal can access the unemployment funds deposit unbeknownst to the victim and then send those fraudulently obtained funds elsewhere.

Follow these tips to help avoid COVID-19 scams:

• Don’t click on links from sources you don’t know. It could download a virus onto your computer or device.
• Watch for unsolicited emails claiming to be from the Centers for Disease Control and Prevention, Internal Revenue Service, or other government agencies. Government agencies will not call, text or email you about virus breakthroughs or economic impact payments. Never open this type of email or click on attachments.
• Ignore online offers for vaccinations. If there is a true medical breakthrough in the prevention, treatment, or cure for COVID-19, it will be unlikely that you'll hear about it for the first time through an ad or sales pitch.
• Do your homework when it comes to donations, whether through charities or crowdfunding sites. If someone wants donations in cash, by gift card, or by wiring money, avoid doing so.
• Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions claiming that the products or services of publicly-traded companies can prevent, detect, or cure COVID-19 and that the stock of these companies will dramatically increase in value as a result.
• Do not reveal personal or financial information in email. Always consider why someone wants your information and if it is an appropriate request.
• Do not rush or feel under pressure. Scammers use emergencies to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
• Use government websites directly rather than using a link. If you do see a link to a government website, hover over the web address to ensure the domain of the linked website ends in ".gov." Always inspect the URL of websites and verify the actual destination before visiting sites.
• Never send funds to someone you do not know or have not met in person. There is no plausible reason why someone would need to ask for money from someone they have not met in person.

For more information, see ftc.gov.

"Phishing" is when a fraudster sends emails to a user that appears to be from a reputable company, organization or, even a friend to entice them to reveal personal information, such as passwords and credit card numbers. When victims receive these emails, and believe they are legitimate, it leads them to open a malicious attachment that will cause malware to infect their system or prompts the victim to enter their login credentials and expose personal and confidential information. This type of fraud can lead to financial crimes such as business email compromise, personal information theft, ransomware and account takeovers.

It's critical to be wary of suspicious e-mails even if they appear to be from a friend. Never open attachments or click on links, until you've confirmed their legitimacy. Make sure you stay protected and know how to limit your risk of fraud and what steps to take if you become a victim.

“Vishing” is when a fraudster uses the telephone to scam a user into providing private or confidential information such as online banking credentials. We have been alerted to an increase in vishing scams occurring. Users report that they are receiving a phone call from an imposter “Security Officer of a Bank” asking them to confirm suspicious transactions on their account. Once they confirm the transactions are not valid, the imposter proceeds to “verify” the end user by asking them to provide their Online Banking credentials including Out of Band Authentication codes. The fraudster then gains access to the user's accounts and can complete fraudulent transactions.

Remember that American Bank will never ask you for your login credentials. If you receive a phone call that appears to be fraudulent, please call us directly to report the incident. Make sure you Stay Protected and know how to limit your risk of fraud and what steps to take if you become a victim.

Tech Support Fraud involves a criminal claiming to provide customer, security, or technical support in an effort to defraud unwitting individuals. This type of fraud continues to be a problematic and widespread scam.

Criminals may pose as a security, customer, or technical support representative offering to resolve such issues as a compromised e-mail or bank account, a virus on a computer, or to assist with a software license renewal. Some recent complaints involve criminals posing as technical support representatives for computer or printer companies, cable companies, or government agents, even offering to recover supposed losses related to tech support fraud schemes or to request financial assistance with “apprehending” criminals.

Initial contact with the victim typically occurs through the following methods:

• Telephone: A victim receives an unsolicited telephone call from an individual claiming the victim’s device or computer is infected with a virus or is sending error messages to the caller.
• Search Engine Advertising: Individuals in need of tech support may use online search engines to find technical support companies. Criminals pay to have their fraudulent tech support company’s link show higher in search results hoping victims will choose one of the top links in search results.
• Pop-up message: The victim receives an on-screen pop-up message claiming a virus has been found on their computer. In order to receive assistance, the message requests the victim call a phone number associated with the fraudulent tech support company.
• Locked screen on a device: The victim’s device displays a frozen, locked screen with a phone number and instructions to contact a fraudulent tech support company. Some victims have reported being redirected to alternate web sites before the locked screen occurs.
• Phishing e-mail warning: The victim receives a phishing e-mail warning of a possible intrusion to their computer or an e-mail warning of a fraudulent account charge to their bank accounts or credit cards. The e-mail provides a phone number for the recipient to contact the fraudulent tech support.

Tech support fraud was originally an attempt by criminals to gain access to devices to extort payment for fraudulent services. However, criminals are creating new techniques and versions of schemes to advance and perpetuate fraud. Never give unknown, unverified persons remote access to devices or accounts and remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals. You should also ensure all computer anti-virus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to attempt. Read our Identity Theft Safety Tips for more information on how to fight fraud and what to do if you become a victim.