Cybercriminals are getting bolder — and more convincing. Across Iowa, banks are seeing an increase in account takeover scams targeting business customers. These scams use phone calls and text messages that look like they’re coming directly from your bank to steal login credentials and gain full access to online banking accounts.
How the scam works
Fraudsters start with a phone call impersonating your bank, claiming there’s a problem with your account or a suspicious transaction.
Shortly after, they send a text message that appears legitimate — often including your bank’s name or logo — with a link to a fake login page that perfectly mimics your bank’s website.
Once you enter your credentials, scammers use that information to access the real online banking site and may ask for your multi-factor authentication (MFA) code to “verify” your identity. When shared, that code gives them full access to your account and the ability to move money instantly.
How to protect your business
- Never share your online banking credentials or MFA codes. Your banker will never ask for them over the phone, text, or email.
- Don’t click on links in texts or emails claiming to be from your bank. Always go to your bank’s website by typing the URL directly into your browser.
- Watch for spoofed websites. Scammers can make fake pages look almost identical to legitimate ones.
- If you get a call “from your bank,” hang up and call your bank directly using a trusted phone number.
As technology evolves, so do scams — but awareness is your best defense. When in doubt, contact GCSB directly before sharing any sensitive information.