Contact UsReport fraud or suspicious activity
Report a lost or stolen credit card
Email UsReport suspicious emails
Online Fraud - Small Business Security Center
Switch to another Security Center:
Types of Online Fraud
Through the use of fraudulent emails, internet thieves attempt to "phish" for confidential business information. They attempt to steal this information by means of "pop-ups" or emails with internet links to deceive you into disclosing sensitive information (such as bank account numbers, Tax Identification numbers and Employer Identification numbers).
Often the email appears to be from a trusted source (such as your bank) and directs you to a "spoof" Website that requests you to divulge sensitive information or even ask you to call a phone number and provide account information. But the Website is a fake. View fake emails and websites.
What you should look for:
- Asking for personal or business information should raise a flag since Bank of the West will never send you unsolicited emails with embedded links or pop-up windows that ask for confidential information, such as your Tax Identification number, Employer Identification number, account numbers, ATM or Debit Card PIN.
- Urgent appeals claim that your account may be closed if you fail to confirm, verify or authenticate your personal or business information. Bank of the West will never ask you to verify information in this way.
- Messages about system and security updates claim that the bank needs to confirm important information due to upgrades and state that you must update your information online. Bank of the West will not ask you to verify information in this way.
- Offers that sound too good to be true often are. You may be asked to fill out a short customer service survey in exchange for money being credited to your account, and you are then asked to provide your account number for proper routing of the supposed credit.
- Typos and other errors are often the mark of fraudulent emails or Websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
Malware, short for "malicious software," includes viruses, spyware and Trojans that are designed to infiltrate or damage a computer system. Malware is often used to steal personal or business information and commit fraud. There are several easy ways to minimize the risk of malware:
- Avoid downloads from file sharing and social networking sites, which can be distribution points for malware.
- Do not open email attachments or install free software from unknown sources.
- Do not click on pop-up advertisements asking for personal, business, or financial information, simply close them.
- Regularly update your security and system software and protect your computer from malware threats.
Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal, business, and financial information from the public for the purpose of financial reward.
Typically, when the victim answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the phone number provided immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad. Once the victim enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account.
Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen funds or merchandise. This type of online scam preys on victims who are unaware that the money or merchandise they are transferring is stolen. In these scams, the stolen money or merchandise is transferred from the victim's country to the scam operator's country.
Money mules are commonly recruited with job advertisements for "payment processing agents," "money transfer agents," "local processors," and other similar titles. Criminals recruit money mules, send them stolen money and then ask the money mules to wire or transfer the money unwittingly to the criminals. Using the money mule masks the criminal's identity.
The money mule may keep a commission for performing the transfer or wire. Victims of these scams may not only have their bank accounts closed, but are often held financially responsible for returning the stolen funds.
Common signs of a money mule scam:
- Overseas companies requesting money transfer agents in the US.
- Opening new bank accounts to receive money from someone you don't know.
- Accepting large sums of money into your bank account for a new job.
- Transferring or wiring funds out of your bank account to people you do not know.
The internet has provided the public with more transaction and business offerings than ever before. An individual can bid on a luxury item and a business owner can advertise to a global market at a click of the button. As an internet user, you must be aware that internet scams are as varied and abundant as the legitimate offerings on the internet.
We've listed some of the most popular internet scams and some ways to identify them. For more detailed information on internet scams, please see the Federal Trade Commission website.
Internet auction fraud involves the misrepresentation or non-delivery of an advertised product through an internet auction site. Internet auction fraud is among in the top ranking of consumer complaints to the Federal Trade Commission.
Know the auction site you are doing business with. Find out what protections the site offers you, such as guarantees for services not delivered.
You should never have to provide your Employer Identification or driver's license number online.
Do not provide the account number you are using for the purchase, until you have done your research and are ready to make your purchase.
It is likely that you will have to use an online payment method to complete your purchase as a buyer. This may be a service like PayPal or an escrow service. Check out the company handling the payment by reading through their website and calling their customer service to ask specific questions about their security policy and terms of service. You need to make sure that you are protected should the seller renege on their side of the bargain.
Be cautious of sellers who give the appearance of being within the United States but reveal themselves to be out of the country when you are preparing to make your payment for the goods.
Wiring funds directly to the seller leaves you with no options should you find yourself a victim of internet auction fraud. Even wires through well-known banks or an escrow service will not protect you.
There are very few of us who have never received unsolicited offers through email, better known as SPAM. For many fraudsters, the objective of spamming is to gather personal or business information that can be used to steal your money and/or your identity. Criminals may also send you attachments and links that will lead you to spoof sites or cause you to inadvertently download harmful software to your computer.
Never send your personal or business information to an unknown source via email. Criminals may try to entice information out of you or your business by stating that an offer is only good if you buy now or give them your information immediately. No legitimate business would deny you the time to check out their claims.
If you do not know the source of an email, delete it. Even if a co-worker or friend you trust sends you a link or attachment such as in an email chain, it may be infected.
Keep your computer firewall, anti-virus, and anti-spyware software up to date.
Nigerian Letter/419 Scam
This scam typically begins with an unsolicited communication from individuals representing themselves as Nigerian or foreign government officials. This "official" offers you a percentage of a large amount of money in exchange for assistance in placing money in overseas bank accounts. You may be asked to send your account numbers, blank letterhead stationery, or other kinds of identifying information via a provided fax number.
Follow the old saying, "if it sounds too good to be true, then it probably is".
Avoid any offers to get rich quick through the complex transfer of funds, particularly if it involves sending money overseas. It is highly unlikely that the scheme will deliver to you what is promised, and even if it does, it is very likely illegal. Do not put your money, your business identity, and reputation at stake.
Lottery or Sweepstakes Scam
Lottery and Sweepstakes scams are on the rise. Scam operators, often based in Canada, are using email, telephone, fax and direct mail to trick U.S. consumers into believing they have won large sums of cash through foreign lotteries.
The details of the lottery scams vary with regard to the name of the lottery itself, the country of origin, the sponsoring organization, the amount of the prize and other particulars. Scammers will add a patina of legitimacy to their claims by mentioning real financial institutions, government agencies or well-known companies.
The scam begins with a notice that you are the winner of a lottery or sweepstakes that you did not enter. You may be asked to provide banking details, a large amount of personal information, and copies of your driver's license and passport to prove your identity and to facilitate the transfer of your winnings. If you comply with these requests, the scammers will have enough information to steal your identity. In order to receive the winnings, you must first pay a small percentage for fake taxes or other fees. The scammer typically instructs the victim to wire advance fees through Western Union. Once the money is transferred, the scammer moves on or in some cases comes back to request additional funds but the "lottery winnings" never appear.
Legitimate lotteries or sweepstakes will not require payment to receive the winnings. Do not respond to emails/letters/faxes that claim you have won money. Never give out your confidential personal or bank account information to anyone claiming to hold your "winnings". Participation in foreign lotteries is against the law.
Overpayment Scam (Counterfeit Check)
Someone responds to your posting or ad, and offers to use a cashier's check, personal check or corporate check to pay for the item you're selling. At the last minute, the so-called buyer (or the buyer's "agent") comes up with a reason for writing the check for more than the purchase price, and asks you to wire back the difference after you deposit the check. You deposit the check and wire the funds back to the "buyer". Later, the check bounces, leaving you liable for the entire amount.
Overpayment scams are primarily perpetuated through internet-based transactions (i.e. eBay or Craigslist) but can also be phone-based transactions. Scams frequently consist of a counterfeit cashier's check or another monetary instrument for payment of an item. The counterfeit item looks legitimate and often contains watermarks and other security features. The check amount is usually greater than the purchase price of the item. The seller or business deposits the check into their account believing that the counterfeit item is legitimate.
Know who you're dealing with. In any transaction, independently confirm the buyer's name, street address, and telephone number. Don't accept a check for more than the selling price, no matter how tempting. If the buyer insists that you wire back funds, end the transaction immediately.
Criminals have devised counterfeit check schemes targeting attorneys. Scammers will use the names of legitimate companies to gain credibility and use email addresses created to show a possible connection to the legitimate company. Scammers will email, fax, or call the law firm requesting legal services in connection with a settlement.
If the attorney responds, the scam begins and the attorney will eventually receive a fraudulent settlement check that usually appears to be a cashier's check or business check. The attorney is asked to deposit the settlement check, keep a retainer fee and wire the remainder of the settlement to the client's (scammer's) overseas account. The original settlement check is later returned as unpaid/fraudulent and the attorney is left responsible for the funds wired out of the attorney's bank account overseas.
Be suspicious of a solicitation that offers a relatively large fee for minimal work and is outside your usual practice. Carefully scrutinize unsolicited email/phone calls from individuals or entities requesting services with whom you have no prior dealings, particularly if the solicitation originates from a foreign country. Educate your staff to be on the lookout for these types of schemes. If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that's not possible, call the bank where the check was issued and verify that the check is valid. Get the issuing bank's phone number from directory assistance or an Internet site that you know and not from the check or the person who gave you the check. Monitor your bank accounts and ensure that settlement checks you deposit, clear through the banking system and you have received good funds before you issue or pay monies to clients.
Online Job Scam
Another common internet scam involves soliciting individuals for what appears to be a lucrative position that will allow them to work as an independent agent or from their home.
Job scammers use reputable online job boards to offer work-at-home jobs or accounting positions. These job scams may require employees to receive money into their existing bank account (or open new accounts) and then transfer the money to another account, often overseas. As payment, the job seeker is instructed to keep a small percentage of the transfer.
Be cautious of any employer offering employment without an interview (either in person or by phone). Thoroughly research any employer requesting that you transfer funds or receive packages for shipment, especially if they are located overseas. Most of these employment offers are check-cashing or shipping scams. Do not provide your Social Security number or any other sensitive information unless you are confident that the employer is legitimate.
Online Security Tips
- Memorize your User Name and Password. Your online User Name and Password authenticate you when you begin a Business Online Banking session. You should memorize your Password and never write it down anywhere, save to your computer, or reveal it to anyone.
- Create a complex Password that:
- Is 8 - 12 characters in length. The longer the Password, the better.
- Includes letters and numbers.
- Has at least four different characters (no repeats).
- Has at least one special character.
- Is a sequence of random letters and numbers.
- Is not obvious or easily obtainable information.
- Change your Password regularly. You can easily change your Password by visiting the Change Username/Password page under Preferences in the Services tab of Business Online Banking.
- Remember to logout of Business Online Banking and close all browsing sessions for security. Don't rely on our session time-out feature.
- Verify the security certificate of any website you're going to input sensitive information into.
- Bank of the West uses VeriSign Secured and Secured Socket Layer Technology (SSL "lock"). Click on the VeriSign logo to confirm the site's authenticity. When conducting online transactions involving sensitive information such as passwords, PINs or account numbers, look for the SSL lock first.
- Check for the yellow lock icon in the status bar of your browser. This means that the website uses encryption to protect your information. Make sure the yellow lock icon is closed, indicating that the encryption is on. Double-click it to display the security certificate. The security certificate information should match the name of the site you intended to be on.
- Do not share any confidential information through suspicious emails, websites, social media networks, text messages or phone calls.
- Protect your personal or business and account information, including your Business Online Banking user name, password, and answers to security questions. Do not write this information down or share it with anyone.
- If you receive a suspicious email, do not click on any links or reply to it. Simply delete it.
- Avoid using a public or shared computer for business and financial transactions. Only conduct Online Banking and financial transactions using a trusted computer.
- If your computer is infected with a virus, run anti-virus software to remove the infection and change passwords on all your financial and business accounts including your email using a secure device.
- Make sure the computer(s) you use have current software security patches and anti-virus software. Anti-virus software requires frequent updates to guard against new viruses.
- Install a personal firewall to help prevent unauthorized access to your home computer.
- Wireless access should be secured with strong password encryption. Be cautious when using public hotspots and consider your Wi-Fi auto-connect settings.
- Do not include account or sensitive information if you are communicating with us via firstname.lastname@example.org. If you use online banking, please send a secure message through the Message Center function of your Online Banking service.
Email Security Tips
- Be wary of unsolicited email containing urgent appeals for security, business, or personal information.
- Spelling errors can help fraudulent emails get through your spam filters.
- Never open attachments, click on links, or respond to emails from suspicious or unknown senders.
- If you receive a suspicious email that you think is a phish, do not respond or provide any information. Simply delete it.
- To report a suspicious email that uses Bank of the West's name, forward it to email@example.com.
If you believe you are the victim of fraud or business identity theft, call Bank of the West immediately at
To report a lost or stolen credit card, call us at 1-800-996-2638.
If you've received a suspicious email, let us know by emailing us at:
Need more information on what to do in case of fraud?
Report Fraud or Business Identity Theft >