Top Fraud Trends Affecting Business Banking Customers
AI-Fueled Scams (Deepfakes & Synthetic Identities)
Deepfake scams are gaining traction, with fraudsters impersonating executives via AI-generated voice or video to authorize substantial transfers. Take time today to find out how you can continue to protect your business from fraud.
How Businesses Can Prevent AI-Assisted Deepfake Bank Fraud
1. Strengthen Your Banking Security
- Enable multi-factor authentication (MFA): Always turn on text/app codes, security keys, or biometrics.
- Use official bank apps/websites only: Type the bank URL directly.
- Set up all available account alerts: Get instant notifications for logins, transfers, or balance changes.
Business Email Compromise (BEC) & Account Takeover (ATO)
These schemes are prominent, with attackers impersonating colleagues or partners to initiate unauthorized transfers. In addition, account takeover fraud exploits stolen credentials or malware to hijack business accounts for fraudulent activity.
Protect Against Business Email Compromise (BEC)
- Secure your domain: Implement SPF, DKIM, and DMARC to prevent email spoofing.
- Verify payment requests: Always confirm changes in vendor payment details via a separate, trusted channel (phone call to a known contact).
- Be wary of “urgent” instructions: Scammers often impersonate executives or vendors with urgent, secretive transfer requests.
- Email hygiene: Train staff to inspect sender addresses carefully — small variations (e.g., @yourc0mpany.com) often signal fraud.
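The sender-address inspection described in the last item can also be automated. The sketch below is an added example, not part of the original guidance: it flags domains that imitate a trusted one by character substitution, small misspellings, or use of the trusted name as a prefix. The allow-list, the sample addresses, and the distance threshold are assumptions, and it expects a bare address with no display name.

```python
from typing import Optional, Tuple

# Constructed allow-list: domains this business actually exchanges payment mail with.
TRUSTED = {"yourcompany.com", "vendor-example.com"}

# Digits commonly substituted for letters in spoofed domains (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain: str) -> str:
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch added, dropped or swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain); verdict is trusted, lookalike or external."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in sorted(TRUSTED):
        # Assumption: subdomains of a trusted domain are also trusted.
        if domain == good or domain.endswith("." + good):
            return "trusted", None
    for good in sorted(TRUSTED):
        # Trusted name used as a leading label of someone else's domain.
        if (good + ".") in domain:
            return "lookalike", good
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return "lookalike", good
    return "external", None


if __name__ == "__main__":
    for sender in ("ap@yourcompany.com", "ceo@yourc0mpany.com",
                   "cfo@yourcornpany.com", "pay@yourcompany.com.invoice-portal.net",
                   "news@example.org"):
        print(sender, classify_sender(sender))
```

A "lookalike" verdict is a reason to hold the message and verify the request through a known contact, not proof of fraud on its own.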
Protect Against Account Takeover (ATO)
- Multi-factor authentication (MFA): Enforce MFA for all business banking and email logins.
- Strong password policies: Require long, unique passphrases, rotated periodically.
- Device and session monitoring: Flag unusual login activity (new devices, locations, or odd login times).
- Access controls: Limit administrative privileges to essential staff only.
Employee Training & Awareness
- Run phishing simulations: Help employees recognize realistic attacks.
- Highlight red flags: Urgency, secrecy, requests to bypass procedures, or unusual payment instructions.
- Build a “pause and verify” culture: Staff should feel safe questioning unusual requests — even from leadership.
Technical Safeguards
- Email security gateways: Filter for phishing, malware, and suspicious attachments.
- Behavioral analytics: Monitor for anomalies in email patterns or payment behavior.
- Vendor verification systems: Use “confirmation of payee” tools to reduce risk of sending to fraudulent accounts.
Banking Safeguards
- Dual authorization: Require two approvers for large or unusual transactions.
- Transaction monitoring: Enable alerts for outgoing wires and ACH transfers.
- Whitelist trusted payees: Restrict payments to pre-approved vendors or accounts.
- Immediate reporting: Notify your bank instantly if you suspect ATO or fraudulent instructions — speed matters for potential recovery.
Limit Data Exposure
- Reduce public info on executives: Fraudsters often target CFOs, finance managers, and AP staff.
- Restrict internal directory access: Criminals use organizational charts to craft realistic attacks.
- Be cautious with autoreplies: Out-of-office messages can reveal valuable details to attackers.
Real-Time Payment Exploitation & Authorized Push Payment (APP) Scams
- Faster payment systems enable fraudsters to move stolen funds almost instantly, reducing the window for detection.
- Authorized Push Payment (APP) fraud—where victims willingly authorize transfers to scam accounts—is surging globally.
Preventing Real-Time Payment Exploitation & APP Scams
Understanding the Risks
- Instant settlement = no reversal: Once funds are sent, they’re often gone.
- Fraudsters exploit urgency: “Pay immediately to avoid penalties,” “secure your account,” or “close a deal.”
- APP scams target people, not systems: Victims authorize the payment themselves after being tricked.
Strengthen Payment Controls
- Dual authorization: Require two employees to approve all RTP/large-value payments.
- Segregation of duties: Separate staff who initiate payments from those who approve them.
- Transaction limits: Cap the maximum amount for real-time payments unless executive approval is provided.
- Verify updated payment information: Confirm any changed payment details received from a purported vendor or other party via a phone call to a known phone number.
Verify Every Payment Instruction
- Out-of-band verification: Always confirm changes in beneficiary account details with a trusted contact using a known phone number (never the one in the email/text).
- Call-back protocols: Mandatory for high-value vendor payments, payroll changes, or “urgent” wire requests.
- Confirmation of Payee (CoP): Use it where available — ensures the payee’s name matches the account holder.
Train Employees to Spot APP Scams
- Red flags: Urgent, secretive, or unusual requests for payment.
- Impersonation awareness: Fraudsters pose as executives, vendors, or banks using phone, email, or even deepfakes.
- “Stop and verify” culture: Employees should feel safe questioning unusual instructions, even from leadership.
Use Banking & Security Tools
- Positive Pay & ACH filters: Use them to block unauthorized outgoing debits.
- Alerts & notifications: Set real-time alerts for all RTP transactions.
Collaborate With Your Bank
- Report incidents immediately — speed is critical; banks may be able to trace funds if alerted fast enough.
Check Fraud
Traditional check fraud is seeing a revival, with scammers using AI to generate highly convincing counterfeit checks and manipulating remote deposit systems.
Preventing Check Fraud
1. Secure Your Checks & Mail
- Use tamper-resistant checks: Incorporate watermarks, micro-printing, and security features.
- Mail checks from inside the post office (not outdoor mailboxes that thieves can “fish”).
- Limit check stock access: Keep blank checks locked and restrict employee access.
- Consider e-payments: Switch to ACH, wire, or secure digital platforms where possible.
2. Monitor & Reconcile Accounts Frequently
- Daily account monitoring: Set up alerts for check clearings.
- Positive Pay services: Many banks offer this tool — you provide the bank with issued check details, and they only honor exact matches.
- Reconcile quickly: Match issued vs. cleared checks to catch fraud early.
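The Positive Pay matching and issued-versus-cleared reconciliation described above can be expressed as a short matching routine. This is an added illustration, not any bank's actual implementation: the issue file, the presented items, the field names, and the payee-normalization rule are all constructed assumptions, and real services differ in which fields they compare.

```python
import re
from decimal import Decimal

# Constructed issue file: check number -> (amount, payee) as reported to the bank.
ISSUED = {
    1001: (Decimal("1250.00"), "Acme Supply LLC"),
    1002: (Decimal("980.50"), "Northside Freight Inc"),
    1003: (Decimal("4300.00"), "Harbor Print Co"),
}

# Constructed items presented for payment: (check number, amount, payee on the item).
PRESENTED = [
    (1001, Decimal("1250.00"), "ACME SUPPLY LLC"),
    (1002, Decimal("9980.50"), "Northside Freight Inc"),  # amount altered
    (1003, Decimal("4300.00"), "Harbor Prints Co"),       # payee altered
    (1001, Decimal("1250.00"), "Acme Supply LLC"),        # same check again
    (2044, Decimal("500.00"), "Cash"),                    # never issued
]


def norm_payee(name):
    """Ignore case, punctuation and spacing so only real payee changes differ."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", name.casefold()).split())


def review_items(issued, presented):
    """Return (check number, 'pay' or 'exception', reason) for each presented item."""
    paid, results = set(), []
    for number, amount, payee in presented:
        if number not in issued:
            reason = "not in issue file"
        elif number in paid:
            reason = "duplicate presentment"
        elif amount != issued[number][0]:
            reason = "amount mismatch"
        elif norm_payee(payee) != norm_payee(issued[number][1]):
            reason = "payee mismatch"
        else:
            reason = None
            paid.add(number)
        results.append((number, "pay" if reason is None else "exception", reason))
    return results


def outstanding(issued, results):
    """Issued checks that have not cleared cleanly; the list to reconcile."""
    cleared = {number for number, decision, _ in results if decision == "pay"}
    return sorted(set(issued) - cleared)
```

Every "exception" item is held for a pay-or-return decision, which is why frequent reconciliation matters: the decision window is short.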
3. Strengthen Internal Controls
- Segregate duties: Separate staff who write checks from those who reconcile accounts.
- Dual approvals: Require two signatures for high-value checks.
- Employee training: Teach staff to recognize check fraud scams (e.g., overpayment or altered payee fraud).
4. Detect Alteration & Counterfeiting
- Review returned/cancelled checks for signs of washing (erasures, discoloration, handwriting changes).
- Use secure pens (gel ink is harder to wash than ballpoint).
- Validate payee information — fraudsters often alter the payee name slightly.
5. Partner With Your Bank
- Ask about fraud prevention services: Positive Pay, Reverse Positive Pay, ACH debit filters.
- Set transaction limits: Cap check amounts that can clear without review.
- Report fraud immediately: Banks often have a short window (e.g., 24–48 hours) to return fraudulent checks.
6. Reduce Reliance on Checks Altogether
- Migrate to digital payments where possible — ACH, virtual cards, and secure payment portals are harder to forge.
- Inform vendors and clients about secure payment methods to reduce exposure.
Social Engineering via AI-Generated Communications
Fraudsters are using tools like ChatGPT to craft highly personalized phishing emails and texts, enhancing social engineering success.
Preventing Social Engineering via AI-Generated Communications
1. Understand the Threat
- AI-crafted phishing emails: Nearly flawless grammar, personalized details, and spoofed domains.
- AI voice deepfakes: Fraudsters clone an executive’s voice to request urgent payments.
- Video impersonations: Fake video calls to “authorize” wire transfers or vendor payments.
- Highly targeted attacks: Criminals mine social media, company websites, and press releases to make messages convincing.
2. Strengthen Verification Processes
- Out-of-band verification: Always confirm payment requests via a separate, known channel (e.g., call a vendor on their official number, not the one in an email).
- Dual approval: Require two authorized employees for wire transfers, ACH payments, or changes to vendor details.
- Confirmation of Payee (CoP): Where available, ensure account names match recipients.
3. Train & Protect Employees
- Awareness training: Regularly educate staff on AI-powered scams and show real-world examples.
- Red flag spotting: Emphasize urgency, secrecy, or unusual tone as classic manipulation tactics.
- Phishing simulations: Run periodic tests (including AI-generated phishing) to strengthen resilience.
4. Work Closely With Your Bank
- Use Positive Pay and ACH filters to catch unauthorized transactions.
- Set transaction limits for transfers and require callbacks for high-value requests.
- Report incidents immediately — banks may recover funds if notified quickly.