JOHNSTON, Iowa — The Iowa banking industry is reporting a rise in sophisticated corporate account takeover scams targeting business customers.
Fraudsters are initiating these attacks with a phone call impersonation, followed by a legitimate-looking text message containing a malicious link. This link directs recipients to a spoofed login page designed to mirror the bank’s website, where it captures online banking credentials.
The scammer then uses this information to access the legitimate bank website and requests the multi-factor authentication (MFA) code from the customer, granting them full access to the customer’s online banking profile and money movement capabilities.
The Iowa Bankers Association is urging customers to follow these critical tips:
- Never disclose account information, online banking login credentials, or share MFA codes with anyone. Your banker will never ask for an MFA code over the phone.
- Be wary of spoofed websites that mimic your bank’s official site.
- Avoid clicking on links in communications you receive. Always type your bank’s URL directly into your browser.
- If you receive a call from your bank requesting transaction confirmation, hang up and call your bank directly using a known number.
October, recognized as Cybersecurity Awareness Month, serves as a timely reminder for fraud awareness. The Iowa Bankers Association’s website offers various resources to combat fraud, and the American Bankers Association’s “Banks Never Ask That” campaign provides consumers with information on common red flags.
Financial fraud is evolving with technological advancements. Always trust your local banker and verify directly with them before sharing any financial information, the association said.
