Be careful when searching the internet. What you find may not be what you expect.
Spoofed website scams are on the rise, and cybercriminals are increasingly leveraging your relationships with trusted partners to steal your information and money.
Consider this scenario: You need to complete a bank transaction, so you search online for help. Instead of landing on your bank’s website, you’re directed to a spoofed site that looks and feels legitimate – but is controlled by criminals.
These threat actors buy ads on popular search engines so their fraudulent sites appear at the top of search results. Their goal is simple: trick you into giving up sensitive information.
“When you click on one of these ads, you’re redirected to a fraudulent website,” said Jeff Taylor, head of Commercial Fraud Forensics at Regions Bank. “While it may look authentic, a careful review of the URL – looking for spelling errors, typos or anything amiss – often reveals slight differences.
We’ve seen this impact banking customers across the industry. By educating our customers and the public, we can reduce the threat of spoofed website scams.
Jeff Taylor, head of Commercial Fraud Forensics at Regions Bank
How It Works
If you land on a spoofed website, it may trigger a step-up authentication request, followed by a phishing call or text from a fraudster posing as a trusted source. If you comply, the criminals can gain access to your accounts.
“They’re counting on you being in a hurry to get things done,” said Kimberly Reece, Customer Advocacy Manager for the Financial Crimes Unit at Regions. “Because the website looks familiar, and the process is similar to what you’ve seen before, fraudsters use that confusion to gain control of your accounts. By the time you realize something’s wrong, it’s usually too late.”
Steps to Stop Website Spoofing Scams
- Never use a search engine to navigate login pages.
- Type your bank’s URL directly into your browser.
- Bookmark the verified link for future use.
- Consider creating a desktop shortcut to take you straight to the login page.
- Remember, Regions will never ask for the combination of your user ID and password. #BanksNeverAskThat
“Ongoing awareness and training are essential to protecting your business from fraud like spoofed website scams,” Taylor said. “While spoofed websites can impact anyone, criminals frequently target commercial customers and small businesses.”
If You Think You’re a Victim
Call your bank immediately and file a report with the Internet Crime Complaint Center at IC3.gov.
Beware the Trusted Partner Scam
Another troubling fraud trend that impacts clients is the trusted partner scam.
It works like this: a fraudster initiates contact by phone, email or text message posing as a representative of a trusted organization. They then inquire about potentially fraudulent transactions on the victim’s account, a possible data breach or request information about the victim’s account. They are seasoned professional criminals, so they seem legitimate.
Since the victim believes they are talking to a trusted partner, they willingly provide information. The fraudster may provide a code and a link for the victim to enter the information they need, or they may ask for the victim’s user ID and password. Once the fraudster has the credentials, they can make transactions on the victim’s account.
Recent Nacha Impersonation
Nacha stands for National Automated Clearing House Association, the government agency that governs the world of legitimate ACH transactions. In one trusted partner scam, a fraudster claiming to represent Nacha will call organizations that originate ACH payments claiming they need to review ACH files and offering to send a link to upload information.
“However, Nacha will never contact you directly to request ACH file reviews or the file transfers in this manner,” Taylor said.
It’s good to be suspicious of these types of calls, especially when they ask for sensitive information or user credentials. Verify calls or emails of this type by implementing the STOP–CALL–CONFIRM control by calling a number known to you. Remember, Regions will never call you and ask you for the combination of your user ID and password.
“If you think you might be a victim, call your bank immediately,” Taylor said. “Regions customers can call Regions Client Services at 1-800-787-3905.”
Additional Resources from Regions.com
Related Articles from Doing More Today
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.