We are receiving reports of an increased volume of fraud schemes targeting commercial businesses. Amidst this uptick in fraudulent activity, it’s critical to ensure you and your team understand how to identify scams and are equipped with the knowledge you need to safeguard your organization’s information. We encourage you to share these tips with members of your team.
What is taking place?
Fraudsters are altering their phone number to hide their identity and pose as a trusted source, such as a financial institution or law enforcement. For instance, scammers may spoof the ESL phone number so the call appears to come from 585.336.1000; however, the caller is actually a fraudster pretending to be ESL. The fraudster may even claim they are a member of the ESL Fraud Department and tell you that they have observed suspicious activity on your account, so they are reaching out to “help” you.
Fraudsters then use this tactic to convince commercial banking members to share their login credentials and any additional security information. ESL will never ask for your username, password, or one-time use passcodes.
Next, fraudsters leverage this information to gain access to your account and control of your password and one time use passcodes. Once they have access to the account, they submit ACH credit and wire transactions so that funds may be transferred to accounts they control at other financial institutions.
Safeguarding your information
Once you understand what to look for, it becomes easier to spot the signs of a scam. Review the following information so you may stay one step ahead of fraudsters.
- ESL will never ask you to share sensitive information, such as your login credentials (username, password, or one time use passcodes) or the answers to your security questions, to name some examples. If you receive a phone call, text message, or email asking for this information, do not act on the request.
- Remember, ESL will never ask you to verify information by clicking on a link in a text message or email.
- ESL will also never contact you and ask you to log in to your account to authorize payments or originate an ACH or wire transaction.
- Regularly train your staff to recognize the key identifiers of phishing scams and educate them on how to report any suspicious activity.
- Educate your employees on the use of tokens and how to safeguard this information. This way, they will know what to do in the event a fraudster seeks to trick a member of your team into using tokens.
- When in doubt, do not engage with the communication. If you are unsure about the legitimacy of a text message, phone call, email, or letter you have received, please don’t hesitate to give us a call by dialing 585.336.1000 or contact your Relationship Manager.
Ensuring the safety of customer information is of the utmost priority. If you have any questions about a call, text, or piece of mail you received, please dial us directly at 585.336.1000.
