How to Avoid Bank Scams and Mitigate the Risk of Bank Fraud 

by | Mar 26, 2024 | Finance

Spammers, scammers, and fraudsters never rest, and it feels like they are always one step ahead. Luckily, security experts, governments, and companies are working hard to fight it by leveraging technology (including machine learning and artificial intelligence). The goal is to make digital transactions and general internet use safer to keep your personal information and money protected from bad actors. 

More good news – you don’t have to be a cybersecurity expert to help take part! There are plenty of easy steps you can take to mitigate your risk of experiencing bank fraud.  

Why is it so important to take an active stance in combating scams and fighting fraud? There’s a lot of it out there.  According to the Federal Trade Commission, American consumers lost over $10 billion to scams in 2023 with reports from 2.6 million customers, an increase from $8.8 billion in 2022 with reports from 2.4 million consumers. Of course, this portion only represents fraud in the United States, but this is happening globally. 

In this blog, we’ll describe common bank scams to look out for and ways to secure your accounts and presence online to minimize your risk of experiencing fraud and identity theft. 

Woman in a pink blazer holding a smartphone with icons of a thumbprint reader and lock to represent avoiding bank scams.

Avoiding Bank Scams

There is no shortage of online scams, as scammers continue to evolve to find new tactics to lure victims into sharing personal information. The FTC reports that in 2023, the top frauds were due to imposters, online shopping, prize or sweepstakes scams, investments, and business/job opportunities. They reported that between 2022 and 2023, losses for investment and business/job opportunity scams grew notably. 

For last year, scams conducted by phone calls had the highest loss per person at $1,480 for the median loss, social media generated the highest overall reported loss, and email has the highest number of reports. Younger people were more likely to report losing money to fraud than older people, but when  older people lost money, the median amount lost was much more. When people 80 or older lost money to fraud, the median amount was $1,450.

Charts from the Federal Trade Commission Consumer Sentinel Network Data Book 2023 showing that of fraud victims, 44% were age 20-29 and 25% were age 70-79.
Federal Trade Commission Consumer Sentinel Network Data Book 2023

Keep reading for more details on these types of scams and what you can do to avoid them. 

Phishing scams

Phishing scams cover multiple types of scams. They involve sending emails, text messages, social messages, or creating websites that impersonate other people or companies. Because they can look like a legitimate organization or individual, this lulls people into a sense of security, which tricks them into providing personal information, such as passwords, credit card numbers, or Social Security numbers. 

Sometimes phishing emails look obviously fake, and other times they are passable at a quick glance. In case one slips past the junk filter, you can identify a phishing email, social media post, or website is fake by checking the sender’s address or account and watching out for typos or incorrect grammar.  

Phishing emails pretending to be from companies including AT&T, TJ Maxx, USPS, and Tumi
Examples of phishing emails from Hope’s personal inbox

Impersonation / imposter scams

With impersonation scams, the fraudster pretends to be someone you know and trust, or an authority figure. These might be a family member, friend, government official, or company executive. The scammer will claim you owe money or need to provide personal information urgently, which they then use to defraud you or a company or bank. 

Lottery, sweepstakes, or prize scams

We all love to win, and brands do host legitimate contests – but fraudsters prey on that.  With prize-based scams, victims receive notifications that they’ve won a lottery or prize, even though they didn’t enter to win. The scam is that to claim the prize, the scammer asks the victim to pay for taxes or fees, which directly steals money. Or, they’ll steal the personal information the victim provides. 

Prize scams often overlap with phishing scams. See this phishing email which is posing as a prize email from the United States Postal Service. You can tell it’s fake because: 

  • the United States Postal Service does not give out prizes 
  • there is an extra letter in the acronym 
  • the domain is .com but an email from the Postal Service would be .gov as a government entity 
  • the language in the email is off; it has incorrect grammar and phrases like “gift card gift”  
Phishing email pretending to be a prize notification email from the United States Postal Service
Example of a phishing email

Investment scams

Investment scams promise what every investor wants: high returns on your money invested with little to no risk. Scammers might offer fake investment opportunities, cryptocurrency schemes, or pyramid schemes to lure victims into giving away their money or personal information.  
If you’re looking to invest your money, stick with reputable services, like stock brokerages or investment services provided by your bank, and speak with a financial advisor. 

Job scams

People looking for employment opportunities may be particularly vulnerable to job scams. Here are some that fall under this umbrella:  

  • Paying for training, but then not getting paid for work 
  • Paying for job placement services 
  • Doing work that involves illegal activity, like reshipping goods bought fraudulently 
  • Cashing a fraudulent check and being told to send money back because they supposedly overpaid, or being instructed to use the money they sent to buy some kind of equipment or services  

In the market for a new job or side hustle and nervous it’s a scam? Check out this resource from the Federal Trade Commission with more detail on job scams to ensure you’re only pursuing legitimate employment opportunities. 

Tech support scams

With tech support scams, individuals receive unsolicited phone calls or pop-up messages claiming to be from reputable companies – either the software or hardware company itself, or a tech support company. Tech support scammers often state that there’s a problem with the target’s computer or device and request remote access to the computer to steal information, or directly demand payment for unnecessary services. But computer manufacturers don’t actually do this sort of outreach, so if you get a call, disregard it. If you need tech support, reach out to a provider or call a tech-savvy friend or family member. 

Romance scams

Scammers create fake online profiles on dating websites or social media platforms to establish romantic relationships with victims. Once they have your trust, they ask for money under various pretexts, often claiming they need financial help due to an emergency.  

Not all people who use online dating services are scammers. Exercise precaution if you choose to meet up with a match, such as meeting in the daytime at a public location, and don’t share sensitive information until you get to know them well – just like you would with any new friend or partner. 

Current event/disaster relief scams 

Scammers take advantage of current events, such as the COVID-19 pandemic or natural disaster relief efforts, to create scams related to fake cures, testing kits, or financial relief offers. These scams prey on fear and uncertainty during challenging times. 

Mitigating Bank Fraud

Put a stop to identity theft, one step at a time! Don’t take chances with your security. Staying ahead of the curve by staying informed of the latest security risks can reduce your risk of having your identity and/or money stolen. 

Password best practices

One of the most important tips is to use strong passwords for all of your online accounts. Strong passwords can prevent the risk of identity theft because it is not worth the time it would take for a hacker to try to break into your account.  

Create complex passwords with at least 12 characters that include a mix of uppercase and lowercase letters, numbers, and special characters. When passwords are long and a string of random characters rather than phrases that hackers can guess, it would take a password-cracking algorithm years to crack the account. That’s why fraudsters rely on social engineering (more on that in a bit), because it’s easier for them to ultimately get into the account.  

It’s also especially important to use unique passwords for different accounts, because then if one is compromised, it won’t give the hacker access to your other accounts.  

Don’t worry – you don’t have to remember all of these yourself. Use a password manager to create and store strong unique passwords for every account. One such tool is Bitwarden which is free and legitimate. You’ll set one master password you do remember and that will provide access to the manager. It comes with apps and browser extensions so it’s very easy to use across all of your devices. It’s well worth the time to set up and migrate over.  

Multi-factor authentication and biometrics

Another factor in securing your accounts is to use multi-factor authentication and biometrics. MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. That way if someone tries to hack into your account, you can block their login attempt. 

One common multi-factor authenticator is Google Authenticator (available on both iOS and Android).

Common biometrics include Face ID on iOS devices or thumbprint readers. Setting these up whenever possible helps mitigate the risk of being hacked and defrauded because someone can’t falsify your face or thumbprint. (Hint: you can use Face ID with Apple devices or thumbprint readers on Android devices with Milli!) 

Combat social engineering 

Social engineering is one of the more subtle tactics to get your sensitive information. Scammers manipulate individuals into revealing information through various tactics, such as pretending to be a coworker, bank representative, or government official. Or, they trick you into sharing sensitive information online.  

How do people fall prey to this? One common method is that the scammer will make a fake social media account pretending to be a legitimate organization, then they will post content designed to engage the viewers. The account shares seemingly harmless posts prompting users to comment information that might go into common passwords, or password reset security questions – such as “What was your first job?” or “What car did you pass your driver’s license test in?” . With that information, the scammer works backwards to get into your accounts by resetting the password because he has the password reset security question answer. 

At first glance, the social engineering posts just seem like fun content from an influencer page or local radio station – but it’s really run by a scammer preying on people with their guard down on a social media platform. 

Use contactless payment methods

Sometimes fraud broaches from the web into the real world. Another type of fraud on the rise is due to debit and credit card skimmers, where someone installs a device on the physical card reader at a payment terminal or ATM to steal payment information.   

FICO – the organization behind credit scores in the U.S. – reported that in 2023, skimmers impacted more than 315,000 debit or credit cards, a 96% increase from 2022. The top five states for card skimming were California, Texas, Colorado, New Jersey, and Pennsylvania; these five states accounted for almost half of card skimming activity.

Image of a person wearing a yellow shirt completing a contactless transaction with an Apple Watch and icon of a mobile payment. This can mitigate the risk of bank fraud from card skimmers.

Whenever possible, use contactless card payments instead of inserting a physical card to avoid the risk of interacting with a card skimmer – tap to pay, or digital payments like Apple Pay or Google Pay. (As a reminder, the Milli Visa® Debit card comes with a virtual debit card number you can add to these digital payment wallets!) A common spot where fraudsters will install card skimmers is gas stations, so if contactless isn’t an option at the pump, go inside to pay at the register.   

Of course, you can always go old-school and carry some cash as a backup if the merchant doesn’t offer a contactless option. 

Take precautions with public Wi-Fi 

Public Wi-Fi is convenient, but not just for you. Hackers can use public Wi-Fi to steal personal information from connected devices. Avoid it when you can – it may be worth upgrading your phone’s cellular data plan. But most web traffic is encrypted these days, so if your device is up to date and you’re not visiting sketchy websites, you can use it – just be sure to take basic precautions: 

  • Turn off auto-connect  
  • Turn off file sharing  
  • Avoid accessing sensitive information  
  • Enable a firewall   
  • Use a trusted VPN (not a free one)  
  • Only use websites that show the secure socket layer lock icon in the address bar and URL that begins in https:// 

These precautions, coupled with strong password security measures, will go a long way to minimizing your risk. So go ahead, enjoy the in-flight Wi-Fi or connect to a coffee shop when you’re traveling in an area with limited cellular data service.  

Use an email service provider with a strong spam filter  

Security company Astra reports that 1.2% of all emails sent are malicious and there is a ransomware or phishing attack every 11 seconds. Using an email service provider with a strong spam filter is a meaningful step you can take to prevent your risk of accidentally engaging with a malicious email. In 2023, Outlook started experiencing broken spam filters which was a nuisance and risk for their users. Pro tip: iCloud Mail and Gmail have strong spam filters and are both free to use. 

Reporting Fraud to your Financial Institution and the FTC

Your bank and government agencies are fighting fraud diligently to protect you and the global financial system as a whole. Remember – you can play a role in helping. You can report scams, calls, or companies to the FTC if you suspect a scam or fraud even if you aren’t a victim of theft.  

Report phishing attempts and scams to your email service provider and social media channels to help improve spam filters and prevent others from seeing the messages and potentially falling for the ruse. 

If you’re a Milli customer and you think your account has been hacked, review this FAQ for what to do. If you use another financial institution, familiarize yourself with their fraud reporting so that way if it does happen to you, you can take action as soon as possible.  


Fraud is on the rise, but with some simple steps, you can protect yourself from fraudsters’ attempts to defraud you or financial institutions leveraging your information. Technology is a powerful tool and there have been equal strides in securing information to squash new methods of identity and financial theft. Stay informed and take the time to secure your information, and you’ll be able to protect your hard-earned money and peace of mind. 

Keep reading on the Milli blog:

5 Common Financial Mistakes and How to Avoid Them

4 Benefits of a Mobile Bank

How a Savings Account Can Help You Reach Your Financial Goals