Three trending scams your business can't afford to ignore
Fraud tactics evolve quickly, but most successful scams still rely on the same pressure points: urgency, trust and routine business payments. Below are three of the most common (and costly) schemes affecting businesses today, along with practical steps you can take to reduce risk across your organization.
1. Bank impersonation scams
How it works: It usually starts with a phone call, text or email that looks like it’s from your bank, often spoofing the name on Caller ID. The message seems real — and urgent. You’re told there’s suspicious activity on your account and asked to act immediately by confirming your information, sharing a one-time passcode or login credential, or transferring money to a so‑called safe account.
Red flags:
- You’re asked for a password, PIN or one-time passcode.
- You’re told to click a link to “unlock” or “verify” your account.
- You’re pressured to move funds immediately, often via wire or ACH, to prevent loss.
- The caller asks you to keep the situation confidential or bypass normal approvals.
- You’re asked to install software, share your screen or grant remote access.
How to protect your business:
- Adopt a “hang up and call back” rule. Call your bank using a trusted number from the back of your card, a statement or the official website. Do not use a number or link provided in the message.
- Turn on account alerts. Enable alerts for new payees, password resets, device changes and outgoing transfers. Stay vigilant for changes or transactions you didn't initiate or don't recognize.
- Strengthen authentication and permissions. Use multi-factor authentication and give users only the access they need, for example the ability to initiate transactions versus the ability to approve them.
2. Business email compromise (BEC)
How it works: Scammers spoof or take over an email account of a vendor, executive or employee and use it to request payments, change banking details or reroute invoices. The message often looks routine — until you notice the sender is pushing urgency or directing you to new payment instructions.
Red flags:
- A vendor requests a change to bank account/routing details, especially via email only.
- An executive asks for an urgent payment or gift cards, or asks you to bypass standard process.
- You see subtle sender changes, including a look-alike domain, an extra character in the URL or a reply-to email address that doesn't match.
- The timing, tone or payment amount is different from normal, expected patterns.
- There is pressure to act quickly or keep the request confidential.
How to protect your business:
- Verify payment changes out-of-band. Confirm new payment instructions by calling a known contact using a number from your records, not the email signature.
- Require dual control for payments. Separate who can add/modify vendor details from who can approve payments.
- Standardize invoice workflow. Verify first-time payments, changes to beneficiary details and “rush” requests via out-of-band contact with the known phone number for the requestor.
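The sender red flags listed above (a look-alike domain, an extra character, a reply-to address that doesn't match) can also be checked automatically on incoming payment-related mail. The following Python is an added example, not part of the original article; the trusted vendor domains and sample messages are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your accounts-payable team already trusts (constructed).
KNOWN_DOMAINS = {"acme-supplies.example", "northwind.example"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_red_flags(raw_message, known_domains=KNOWN_DOMAINS):
    """Return the sender-related red flags found in a message's headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    # Replies would be routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    # Sender is not a trusted domain but is within two edits of one.
    if from_dom not in known_domains:
        for known in sorted(known_domains):
            if edit_distance(from_dom, known) <= 2:
                flags.append(f"sender domain {from_dom} resembles {known}")
    return flags

# Constructed sample messages (headers, blank line, body).
CLEAN = ("From: Acme Billing <billing@acme-supplies.example>\n"
         "Subject: Invoice 1042\n\nInvoice attached.\n")
LOOKALIKE = ("From: Acme Billing <billing@acme-suppliies.example>\n"
             "Subject: Updated bank details\n\nPlease use our new account.\n")
REPLY_MISMATCH = ("From: AP Team <ap@northwind.example>\n"
                  "Reply-To: ap.northwind@freemail.example\n"
                  "Subject: Urgent payment\n\nPlease pay today.\n")

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("lookalike", LOOKALIKE), ("reply", REPLY_MISMATCH)]:
        print(name, sender_red_flags(raw))
```

A flag from this check is a prompt to verify the request out-of-band using a number from your records, not a verdict on its own.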
3. Check fraud
How it works: Fraudsters may steal outgoing checks from mailboxes, alter or “wash” payee names and amounts, create counterfeit checks using your account details, or deposit the same check multiple times, including via remote deposit. Another common tactic is the overpayment scam: you receive a check for more than expected and are asked to refund the difference. The original check is eventually returned unpaid.
Red flags:
- Checks mailed by you go missing, arrive late or show signs of tampering.
- You receive an unexpected check with a request for a quick refund.
- Payee name looks altered; amounts or endorsements appear inconsistent.
- Duplicate checks clear the account or there is unusual check activity you don’t recognize.
How to protect your business:
- Consider Payee Positive Pay/Positive Pay. Match presented checks against your issued-check file and reject exceptions you don’t approve.
- Secure check handling. Keep checks in a locked location and limit access. Use check printers with secure features.
- Reduce check volume where possible. Move recurring payments to electronic options with stronger controls and approvals.
- Mail safely. Use secure mail pickup/drop-off, avoid leaving outgoing checks in unsecured mailboxes and consider tracking for high-value items.
- Reconcile frequently. Review accounts daily or weekly so you can act quickly on unauthorized items.
What to do if you think you’ve been scammed
Stop immediately and call your bank using a verified number to review activity and place holds if needed. Secure accounts by resetting passwords from a clean device, preserve all evidence and alert internal teams so the scam doesn’t continue.
Columbia Bank customers: Call us at 866-563-1010. We will help protect your accounts and provide important next steps.