Scott Hartwig scanned the crowd, then delivered some hard truths.
“The Federal Trade Commission reported consumers lost more than $12.5 billion in 2024,” said Hartwig, market leader for Regions Bank in St. Louis. “That was a 25 percent increase from just the prior year.”
And the numbers, he warned, are likely to worsen as fraud schemes continue targeting money and sensitive personal information. The cost reaches far beyond financial loss.
“Those risks include loss of trust from your customers,” Hartwig added. “Reputational damage. And negative media attention. But despite that, there is good news.”
Regions Bank recently hosted “How to Safeguard Your Organization from Fraud,” a seminar for wealth and commercial clients. The program featured a breakfast in St. Louis and a luncheon in nearby O’Fallon, Illinois.
Hartwig noted Regions uses sophisticated processes and advanced technology to help customers mitigate fraud risk. But technology alone is not enough.
“The better system is when you join us in taking an active role in recognizing suspicious behavior in your accounts and security,” he said.
Years of Experience
Leading the seminar were, head of Commercial Fraud Forensics at Regions and a 28‑year banking veteran, and Heather Hughes, vice president of CYPFER Engagement Management and a senior leader in cyber protection.
“Scott mentioned the numbers,” Taylor said. “This is worldwide. In fact, it’s a $3 trillion problem — more money than the gross national product of many countries. And it’s growing at an alarming rate.”
For the next 45 minutes, Taylor and Hughes drew on their experience to outline some of the biggest threats facing Americans — part of Regions’ ongoing efforts to help customers protect themselves.
This is worldwide. In fact, it’s a $3 trillion problem — more money than the gross national product of many countries. And it’s growing at an alarming rate.
Jeff Taylor, head of Commercial Fraud Forensics at Regions
The Trouble With Check Fraud
Check fraud remains one of the most costly scams. Criminals increasingly alter, forge or counterfeit checks — sometimes by purchasing blank check stock and creating lookalike documents.
Fraudsters can also gather information elsewhere, create synthetic identities and sell them on the dark web.
How do organizations fight back? Taylor recommended:
- Reconciling accounts frequently.
- Converting to digital payment channels and securing existing check stock to keep it out of the wrong hands.
- Using Positive Pay and similar tools.
“Fortunately, there are bill‑pay platforms available to commercial customers,” he said. “Leveraging bill pay platforms is a good way to reduce check volume.”
The Basics of Ransomware
Ransomware occurs when criminals infiltrate computer systems with malware, encrypt sensitive files and lock out the owner until a ransom is paid.
“No business is too small to get hit with ransomware,” Hughes said. “I often hear clients, when I do proactive work with them, say, ‘No one’s going to try to get us.’”
But everyone is vulnerable, she stressed. Attackers seek data and control.
“The goal is to make an interruption,” Hughes said. “If a threat actor can shut down your business for a week or two, they create a pain point that’s going to make you more likely to pay.”
If the business doesn’t pay, consequences can escalate. Criminals may notify customers, employees — even the media — to apply pressure.
“It’s not like the movies, where a skull and crossbones pops up on your screen,” Hughes said. “The threat actors don’t want you to know they’re in your system until they want you to know. Because they’re doing recon.”
Once inside, attackers move through files, learning the business intimately and determining how much victims may be willing to pay.
Hughes’ advice: before responding to a ransomware message, contact a forensic investigator, outside counsel and your cyber insurance agent. Those relationships should be established long before there’s a problem, she said.
The decision whether to pay ransom should also be part of an organization’s response plan.
And one encouraging sign: if attackers provide decryption keys, it can indicate a potential path toward resolution. “These are professional criminals,” Hughes said. “They have reputations to protect.”
Business Email Compromise
Business email compromise (BEC) remains a persistent scam.
“This attack not only impacts businesses and organizations but can impact private wealth customers — high‑net‑worth individuals,” Taylor said. “Anytime there’s an opportunity to leverage email, the fraudsters are going to be there.”
Criminals often target accounts payable departments, vendor management teams and payroll — areas with the authority to initiate transactions or change payment methods.
Fraudsters impersonate executives, vendors or employees with payroll access. Taylor recalled a case where someone posing as a CEO requested a million‑dollar wire transfer to support an overseas purchase.
A few days later, the employee responsible casually mentioned to the real CEO, “I took care of that for you today.”
“The CEO said, ‘I have no idea what you’re talking about,’” Taylor said. “Unfortunately, fraud like that happens all the time.”
Vendor fraud works similarly. A long‑time vendor requests a change in payment details, and 30 to 90 days may pass before anyone notices the money has gone elsewhere.
Access Is the Key
Hughes said many attacks begin with phishing emails that appear harmless.
“You don’t see anything on your computer,” she said. “But they’ll get into your email, change your inbox rules, and receive and send messages on your behalf. They’ll also have access to your contact list.”
This process, called “nesting,” gives criminals broad access to systems and data.
The Future of Fraud Is Here
“I’m always asked, ‘What keeps you up at night?’” Taylor said. “And I talk about the things we see coming around.”
- Trusted‑partner or imposter scams: Criminals spoof phone numbers or trusted identities, including banks. Taylor offered a common example: “Hey, this is Jeff with your bank. I need your user ID and password to delete fraudulent transactions.”
- AI‑generated impersonations: “Large language models are great for marketing or writing papers,” Hughes said. “But they’re also being used for evil.” AI can generate realistic audio or video to trick victims.
- Executive deepfake impersonations: Hughes described a CFO traveling overseas who “called” her office seeking $10,000 for emergency care. It wasn’t the CFO — it was a deepfake.
Hughes advised families and coworkers to establish code words. If someone receives a frantic call demanding immediate action, a code word can help verify legitimacy.
- Rising need for executive cybersecurity: Criminals increasingly target leaders’ personal devices, public information and social media. Because of their influence, executives face heightened exposure to ransomware, extortion and more.
This Is How We Fight Back
“The first step is to guard your house,” Taylor said.
He recommended working with your Information Technology provider to conduct vulnerability assessments, regularly patching and updating systems, using multi‑factor authentication and leveraging tools such as Positive Pay, ACH filters and account reconciliation.
Next, organizations should create consistent, ongoing employee training.
“You are creating a culture of fraud awareness, where people are thinking before they act,” Taylor said.
Finally, organizations need a fraud‑and‑risk governance plan that outlines risk tolerance, divides financial responsibilities and establishes a detailed response plan.
Stop, Call and Confirm
Taylor said the easiest next step is simply verifying unexpected requests.
“Stop your process, pick up the phone and call the requestor at a number you already know,” he said. “It’s a five‑minute phone call, and it’s a whole lot easier to explain why you’re calling than to explain a $10 million loss to your boss.”
It’s a five‑minute phone call, and it’s a whole lot easier to explain why you’re calling than to explain a $10 million loss to your boss.
Jeff Taylor
‘Everyone Needs to Attend’
John Lynn, Regions’ Private Wealth market leader in St. Louis, closed the event.
“This is a crazy topic, but I hope everyone learned something,” Lynn said. “We believe events like this provide added value by increasing awareness. We’re committed as a bank to keeping you informed as situations change and there are further developments in the area of fraud.”
After the O’Fallon seminar, a client approached Taylor and Hughes for follow-up questions and told a frightening story: how his former company lost its retirement fund by trusting the wrong person.
“We went with an individual investment company,” he explained. “The guy had all the credentials. So, we moved our entire 401(k) over. This wasn’t a rash decision. These were seasoned investors, and everybody thought it was the right move.”
The fund collapsed in months, criminal charges followed and now, each quarter, the client receives a meager payment – $6.66 – as a reminder of the dangers of fraud.
“It doesn’t amount to much, but it reminds me of what we lost,” the client said. And that’s why the time spent with Taylor and Hughes mattered to him. “This is a seminar everyone needs to attend. I wish we had.”
Additional Resources from Regions.com
Related Articles from Doing More Today
The information presented is general in nature and should not be considered legal, financial, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.