Commercial Insights

Protect your business from trusted partners scams

Regions Head of Commercial Fraud Forensics shares tips to recognize, report, and prevent financial fraud in your business.

Trusted partner scams are on the rise. Whether it is a criminal individual or organization posing as a toll agency, a hiring agent, or bank representative, these scams are designed to leverage or gain trust using a known brand name or entity as the conduit.

In the case of financial industry scams, it works like this: A fraudster contacts an unsuspecting victim over the phone, email, or text message posing as an employee of the trusted partner, such as a bank, attorney, or even a C-suite executive. The fraudster may inquire about a potentially fraudulent transaction on the victim’s account, a possible data breach, or a request for information relative to the victim’s account. The fraudster knows just enough information to sound believable and legitimate.

Since the victim believes they are talking with the trusted partner; they may be duped into willingly providing the requested information to the fraudster. The fraudster may ask for the victim’s user ID and password so they can log in as the victim and delete the supposed fraudulent transactions. Once the fraudster has the necessary credentials, they can begin originating transactions out of the victim’s account.

“At this point, they have full control over the victim’s account – including access to personal information, the ability to transfer funds out of the account, and alter passwords potentially locking the victim out of their own accounts,” shares Jeff Taylor, head of Regions Commercial Fraud Forensics.

There have been cases where the fraudsters pose as a trusted vendor, government entity, or law enforcement to gain control of the victim’s accounts or to suggest the victim deposit funds into a protected account controlled by the agency. The fraudsters prey on confusion and fear, emphasizing the urgency of acting immediately to avoid a loss.

Taylor emphasizes the importance of trusting your gut when you receive these types of calls, texts, or emails, especially when they ask for your user credentials. Banks like Regions will never ask you for your password. It’s always a good policy to STOP-CALL-CONFIRM to independently verify identities.

• STOP before responding.
• CALL the organization directly at a known number.
• CONFIRM the legitimacy of a request.

And don’t rely on caller ID. Often fraudsters find ways to spoof the caller ID to appear like it’s coming from your trusted partner or agency.

• Protect your personal information and never give out your social security number or government ID without a valid reason.
• Avoid clicking on links in unsolicited emails or text messages. Never give out your user ID and password.
• Use strong passwords or passphrases, and don’t use the same password across multiple platforms.
• Add biometric authentication. Using unique physical or behavioral traits, like fingerprints or facial recognition, this additional protective factor makes it harder to impersonate a legitimate user.
• Regularly monitor your account activity and immediately report anything suspicious.

“Protecting your personal information is vital to protecting your assets,” says Taylor. “Always be skeptical of unsolicited requests to avoid becoming a victim of this scam. If you were actually talking with a trusted partner, they would tell you the same.”