First Bank of Highland Park Google Play App Icon
First Bank of Highland Park
Fiserv Solutions, Inc.
FREE In Google Play
View

FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Security Alert: Spoofing Attempts Using Bank Phone Numbers

We’ve identified spoofing activity where fraudsters are using our bank’s phone numbers to impersonate employees and target clients. These calls may appear legitimate, but are designed to steal sensitive information.

 

Remember:

 

  • We never ask for passwords, PINs, full account numbers, or MFA codes over the phone.

  • If a call feels suspicious, clients should hang up and call our official number directly, 847-432-7800.

  • Report any suspicious contact immediately.

Working to Prevent Financial Exploitation

First Bank is thrilled to announce that we are one of the banks that AARP has recognized with the BankSafe Trained Seal for the steps we have taken to help stop financial exploitation. Click here to learn more.

Tax Time is Show Time for Scammers 

Fraudsters take advantage of you this time of year to try to steal your money or private information by pretending to be IRS agents or state tax department representatives.

The IRS wants you to know:

  • They will first mail you a bill about taxes owed before making any phone call
  • They will give you the opportunity to question any taxes it says you owe
  • They will never call to demand immediate payment
  • They will never ask for credit or debit card numbers over the telephone
  • They will never threaten to have you arrested for not paying
  • They won’t require a specific payment method, such as a prepaid debit card or wire transfer

Don't let tax scams trick you into losing your money or sensitive information! 

Fraud Prevention: What Can You Do? 

Scammers are always looking for new victims, and seniors are on their list.

These crooks use many ways to target your money or personal information. Here are some things to look for and some suggestions about what to do if you think you might be a victim.

Don’t rush into financial decisions. If you’re unsure about anything, ask for an explanation or say you need more time to think about it. Don’t feel pressured to make snap decisions.

Don’t give out personal information such as account numbers, your Social Security number, or your debit or credit card numbers unless you’re sure it’s necessary.

Lock up or hide your checkbook, bank statements, cash or other important documents if other people will be in your home.

Don’t panic if someone calls you and threatens to turn off your utilities or close your bank account unless you pay them money right away. Scammers will often do this and ask you to pay with a wire transfer or a gift card. If you’re unsure, hang up and call your bank or utility company at their official phone number and explain what happened.

Ask for references before hiring anyone, and don’t give workers information about your accounts.

Pay with a credit or debit card if you have them. These methods give you more protection than cash or checks.

Talk to your banker, financial advisor, attorney, a trusted family member or friend if you have questions about financial issues.

Use online banking and email or text alerts to monitor your accounts. If you’re unsure how to do that, ask your banker for information about learning how to use them.

Check your credit report at one of the three main credit bureaus for possible problems at least once a year. You can do it for free by starting at annualcreditreport.com.

If you think you might be an elder financial abuse victim, contact your bank and file a report with your local law enforcement agency and contact your local or state adult protective service agency to let them know what happened.

Being cautious can keep your money and information safe from crooks.

Beware of Fictitious Wire Instructions

Beware of Sneaky Wire Transfer Email Fraud

Ever sent a wire transfer for a business deal, only to realize later it was a hoax? Scammers are always looking for new methods, and wire transfer fraud, a specific type of Business Email Compromise (BEC), is a growing threat for both businesses and individuals.

Let’s look at what wire transfer email fraud is, how it works, its impact on small businesses, and how to protect yourself from falling victim to such scams. This guide is especially relevant for small business owners, IT professionals, finance managers, and freelancers who are looking to safeguard their operations.

Understanding Wire Transfer Email Fraud

Wire transfer email fraud is a sophisticated scam that targets businesses and individuals by tricking them into wiring money to fraudulent accounts. Fraudsters typically gain access to email systems through phishing or malware and then use compromised accounts to send fake wire transfer instructions.

One common tactic is the "updated instructions" scam, where scammers send revised wire transfer details to redirect funds to their accounts.

How the Scam Works

Imagine you're finalizing a legitimate transaction via email and receive wire transfer instructions. Later, you get another email, seemingly from the same person, with "updated" or "corrected" instructions. This new email might have a slightly different sender address or contain a sense of urgency, but it contains a different receiving account for the wire and sometimes new contact information for the sender.

Here's the catch: it's a fake email! Scammers often compromise legitimate email accounts or create look-alike addresses to trick you into sending money to their accounts.

Wire transfer email fraud usually begins with a phishing attack or malware infection that grants scammers access to an email account.

Once inside, they monitor communications to identify ongoing transactions and then send fake wire transfer instructions. They often impersonate a trusted vendor or colleague to make the request appear legitimate.

Is Wire Transfer Fraud the Same as CEO Fraud?

Wire transfer fraud is a broad category of scams that includes CEO fraud. While both are types of Business Email Compromise, CEO fraud is when scammers impersonate high-level executives to request urgent wire transfers from an employee in their own corporation.

Both types of fraud involve a compromised email system, where hackers have gained access to one or more accounts.

Gaining Access to Email Systems

Scammers use various methods to gain access to email systems, including phishing emails, malicious links, and infected attachments. Once they have access, they can monitor communications, identify targets, and execute their fraudulent schemes.

Why Do Scammers Use Wire Transfers?

While wire transfers are a perfectly legitimate and secure method to send money, they are a preferred payment method for scammers because once sent, they are nearly impossible to reverse. While good news for the scammer, this is very bad news for your business! Be as cautious with your wire transfers as you would be with an equivalent pile of cash.

The Impact on Small Businesses

Small businesses often lack the robust cybersecurity measures that larger organizations have in place. Limited resources and staff make them easier targets for scammers. Falling victim to this scam can have devastating consequences, causing financial losses and damaging your reputation.

Why Small Businesses Are Vulnerable

Small businesses are prime targets because they often have less robust security measures and rely heavily on email communication. Additionally, small businesses may not have formal processes in place for verifying wire transfer instructions, increasing the risk of falling for scams.

Financial and Reputational Damage 

Email malware and wire transfer fraud can result in significant financial losses. Recovering stolen funds can be challenging, and businesses may face cash flow issues as a result. Additionally, the reputational damage can be severe, as clients and partners may lose trust in the business.

What to Look for in Potentially Fraudulent Wire Transfer Emails

When it comes to your day-to-day priorities, weeding out spam email is not the most demanding or exciting job, but it is still an important step in your cybersecurity plan. Even one lapse in security can have disastrous consequences, so it’s vital to keep on the lookout for these problems. Let’s break down the signs so you and your team know how to use your business emails responsibly. 

Variations of the Scam

Scammers may use different approaches, such as sending fake invoices or impersonating vendors. It's essential to stay vigilant and verify any wire transfer requests you receive, preferably over the phone and never through the email address used to send the request. These scams can look slightly different, depending on the industry:

  • Mortgage wire fraud: This could happen when someone purchases property and uses a wire transfer to send the downpayment. A follow-up email is sent with “updated” or “corrected” instructions.

  • CEO fraud: A message apparently from someone higher up in your organization asks for a wire transfer to be sent.

  • Vendor payments: A vendor or supplier sends new instructions for payment and/or updated contact information.

Common Tactics Used in Wire Transfer Fraud

Scammers often employ social engineering tactics to manipulate victims. They may create a sense of urgency, use familiar language, or reference genuine transactions to make their requests seem legitimate.

Red Flags to Watch Out For

Be cautious of emails that rely on any of the following tricks:

  • Urgency:  Emails pressuring you to act fast and send money immediately.
  • Sender Discrepancies:  Slight variations in email addresses or names compared to previous communications. Come from unfamiliar email addresses or domains that closely resemble legitimate ones.
  • Unexpected Changes:  Requests to send money to a different account than usual. Contain new or updated wire transfer instructions.
  • Suspicious Attachments or Links:  Avoid clicking on links or downloading attachments from unknown senders.
  • Poor Grammar or Unusual Language:  Unprofessional language or grammatical errors can be a sign of a scam.

Protecting Yourself from Wire Transfer Scams

The best defense is always a good offense, and when you know what to look for, it becomes a lot easier to protect your business from these types of scams. It starts with having the right tools at hand: your knowledge of the threat, and the security procedures you put in place.

Verification is Key

Never send money based solely on instructions or contact information provided in the email, as scammers can easily manipulate it. Before sending any wire transfer, always verify the instructions through a trusted method.

Here’s how to verify:

  • Trusted Phone Numbers: Call the sender using a phone number you have on record, not the one provided in the email.
  • Double-Check Details: Verify bank account details and other information directly with the recipient.
  • In-Person Verification: If possible, verify instructions in person for important transactions.

Cybersecurity Measures

Since BEC scams start with a compromised email system, implementing strong cybersecurity practices is a crucial step in preventing wire transfer fraud. Keeping hackers out of your email system is your first line of defense.

A few important things to remember:

Never send money based solely on instructions or contact information provided in the email, as scammers can easily manipulate it. Before sending any wire transfer, always verify the instructions through a trusted method.

  • Avoid clicking on suspicious links or downloading attachments from unknown senders.
  • Use robust antivirus and anti-malware software and keep them up to date.
  • Create unique, strong passwords and change them regularly.
  • Train employees in email security best practices, such as recognizing phishing attempts and verifying wire transfer instructions.
  • Consider using two-factor authentication for an extra layer of security.

What to Do if You Suspect Fraud

Wire transfers move quickly, so if you suspect you’ve been the victim of fraud, it’s vital that you move fast. Take immediate action to protect your livelihood and that of your clients, vendors, and customers.

Act Quickly

If you suspect that you've fallen victim to wire transfer fraud, respond immediately:

  • Contact your financial institution to report the suspected fraud and attempt to recover the funds.
  • Ask your financial institution to contact the receiving institution. They may be able to freeze the funds.
  • Explain the situation and provide details about the suspicious email.

Report the Scam

Reporting the incident helps authorities track scam trends and potentially recover funds. You should promptly report the scam to the relevant authorities:

  • File a report with the Federal Trade Commission (FTC) 
  • Report the email to the Internet Crime Complaint Center (IC3) 
  • Contact your local police department or FBI office. 

Additional Tips for Businesses

Protecting your business from wire transfer fraud and other email scams is about the security of your network – both the technological side as well as the people you work with. Here are a few ideas on how to improve security for your business:

  • Employee Training:  Regularly train employees on email security best practices to identify and avoid email fraud attempts.
  • Culture of Verification:  Encourage a culture of verification within your company. Double-check any financial requests received via email.
  • Dual Control:  Require multiple approvals before wire transfers can be sent. This will provide an additional opportunity to consider the legitimacy of the transfer.
  • Multi-Factor Authentication:  Consider implementing multi-factor authentication for critical financial accounts.

Don't Get Scammed

Wire transfer email fraud is a serious threat that can have devastating consequences for businesses. By understanding how these scams work and implementing robust security measures, you can protect yourself and your organization.

Taking these proactive steps can significantly reduce the risk of falling victim to wire transfer email fraud. Stay vigilant, educate your team, and prioritize the security of your financial transactions.

For more information on wire transfer fraud prevention, visit the FBI’s page on Business Email Compromise.