Understand the risks of fraud

Account takeover and cyber intrusion

Account takeover occurs when a fraudster gains control of an online account by stealing login credentials or hijacking an active session. Once inside, the fraudster may initiate unauthorized ACH payments or wire transfers, often without the account holder realizing it until funds are gone.

Cyber account takeovers are commonly enabled by:

• Malware installed through email attachments, links or compromised websites
• Credential theft through phishing or spoofed login pages
• Browser‑based attacks that manipulate what users see during an online session

Because these attacks can operate silently, unauthorized activity may be difficult or impossible to reverse if not identified quickly.

Payment fraud: checks, ACH and wires

ACH debit fraud

ACH debit fraud happens when a third party initiates an unauthorized electronic withdrawal using a victim’s account number and routing number, information that is readily available on any check.

While some unauthorized ACH debits may be returned if identified within allowable timeframes, these transactions can still result in disruption and loss if activity is not monitored closely.

Check fraud

Check fraud continues to account for some of the largest financial losses due to the wide availability of check and account information and the short timelines for identifying and returning unauthorized items.

In many cases, businesses have only one business day to reject unauthorized checks after they post, making daily review critical.

Common check fraud schemes

• Altered checks: A fraudster intercepts a legitimate check and alters the payee name, the amount or both before depositing it.
• Counterfeit checks: Fake checks are created using a company’s real account and routing numbers, often with realistic formatting and branding.
• Forged or missing endorsements: Checks may be deposited electronically with a forged endorsement or no endorsement at all, delaying detection until a payee reports a missing payment.
• Lost or stolen checks and check stock: Issued checks or blank check stock are stolen from unsecured locations and used to commit fraud.

Impersonation and social engineering scams

Social engineering relies on manipulation rather than technology. It exploits trust, familiarity and urgency to convince someone to act.

Executive impersonation

Fraudsters spoof or compromise the email accounts of executives and send payment requests that appear legitimate. These messages often:

• Use authentic language and formatting
• Reference real transactions
• Create urgency to bypass verification

Vendor impersonation and vendor fraud

In these schemes, fraudsters pose as vendors and request changes to payment instructions, payment to a new bank account or approval of fraudulent invoices that closely resemble legitimate ones.

Some scammers first monitor a company’s payment patterns before sending a request designed to blend in with normal activity.

High‑value purchase scams

Large equipment and asset purchases are attractive targets due to their size and the sense of urgency they create. Fraudsters may clone legitimate dealer websites, reuse authentic listings and photos and pressure buyers to move quickly and send wire payments.

Taking time to verify dealer identity, website domains and payment instructions can prevent significant loss.

Phishing, vishing and smishing

These fraud methods are frequently used as entry points for larger fraud schemes.

• Phishing uses deceptive emails to steal credentials or install malware.
• Spear phishing targets specific individuals based on their role or access.
• Vishing uses phone calls, often with spoofed caller ID, to solicit sensitive information.
• Smishing uses text messages that create urgency and direct users to malicious links or phone numbers.

Malware and ransomware

Malware can be introduced through email attachments, unsafe downloads, compromised websites or deceptive pop‑ups. In more advanced attacks, fraudsters may record keystrokes to capture credentials, intercept browser sessions or conceal fraudulent transactions from the user’s view.

Ransomware attacks, where data is encrypted until payment is made, have increasingly targeted agricultural and rural organizations.