Imposter Scams

Imposter scams involve a fraudster impersonating a trusted person or entity to convince the victim to send money or provide confidential information. When attempting to defraud a victim, fraudsters often impersonate trusted entities, such as your bank, technical support for major corporations, government agencies or trusted business partners. Some examples include:

• Bank Impersonation – The easiest way for a fraudster to steal a victim’s money is for the account owner to give them control of their accounts. A fraudster calls or texts a victim, claiming to be an employee of the bank, regarding activity on the victim’s account. The fraudster may even provide the name of an actual bank employee or have legitimate transaction information they’ve stolen from your mail or through social engineering. The fraudster will state that in order to authenticate you they need your username and password. (Remember: Your bank will never ask for your username or password via the phone or text message.) The goal of the fraudster is to log in to your account while on the phone or via text message. The fraudster may even ask for a one-time passcode that is being generated by the bank. The fraudster then drains the account through any means that is readily available. The most effective way to avoid this scam is to call the bank directly at the phone number on their official website, not through a link in an email or text, and confirm what you were told.
• Tech Support Impersonation – One of the more common imposter scams involves convincing victims that there is a technical problem with their electronic device, most commonly their computer. The imposter may call, email, text or even appear as a pop-up window on your phone or computer screen. Fraudsters may impersonate a support representative from a company like Microsoft or Apple and request remote access to your device, login information or payments for a support subscription that doesn’t exist. The best thing you can do is ignore these communications; but if you’re unsure, visit the manufacturer’s website directly, not through a link, find their customer support contact information and ask them to confirm the communication.
• Government Impersonation – Fraudsters routinely impersonate government agencies like the Internal Revenue Service (IRS), Social Security Administration (SSA), Medicare/Medicaid, unemployment or law enforcement agencies and others to manipulate their victims through fear. The fraudsters may threaten loss of benefits, arrest, or even claim the victim is owed money and needs to provide personal information to validate a payment claim. The best defense is to contact the agency directly using the contact information on their official website before providing any payment or information.
• Vendor/Customer Impersonation – For business owners, a fraudster may compromise the email account of one of your vendors and study the patterns and protocols of the accounting department. Using that information, the fraudsters can create a fraudulent email, requesting future invoice payments to be paid to a new bank account owned by the criminal. Similarly, a fraudster could impersonate a customer and request that a high-value order be shipped to a new address. A good rule of thumb is to always confirm change requests by contacting a trusted individual at the phone number you have on file for the vendor/customer. Remember, the email address may be under the control of the fraudster, so a phone call using the number you have on record for the vendor/customer is always best instead of relying upon a phone number provided in the email or any links provided in the email.

Impersonation scams can be easily avoided by making a simple confirmation call to a trustworthy phone number. If the original call/email is truly legitimate, they shouldn’t object to you confirming their intentions. An extra 3-5 minutes could prevent significant losses. If you ever suspect someone is impersonating MidFirst Bank, contact us immediately at 888.MIDFIRST (888.643.3477).