Imposter Scams: How to Identify & Prevent Imposter Fraud

Education is the best defense against increasingly common imposter scams in which scammers may impersonate bank representatives.
If you receive an unexpected call, text or email from someone claiming to be a relationship manager or the fraud department — even your treasury sales officer (TSO) — always verify the source using a known phone number, legitimate website, bill or statement.
Fraudulent websites can often be identified by poor design quality, grammatical errors, misspellings and urgent requests for contact or other information.
Be proactive by coordinating a mutually understood defense with your relationship manager and treasury officer.

As our daily reliance on digital communication steadily increases, scammers are evolving their tactics to exploit the trust we’ve built for online and other financial services. Imposter scams are on the rise with a reported loss of $752 million lost to business imposters in 2023.¹

Imposter scams typically begin with an anomalous email (commonly known as phishing), a phone call from a falsified number (vishing), an unsolicited text (smishing) or a social media message. The communications appear to be from trusted professionals such as a relationship manager, treasury sales officer (TSO), lawyers, government officials or law enforcement.² To make them appear more authentic, the perpetrators may even pose as your current relationship manager, or representatives of companies you already have relationships with.

By creating fraudulent websites using legitimate information they’ve harvested from online sources, these scammers lure clients and potential prospects into providing confidential information with the intention of committing financial fraud.

Imposter scams are on the rise, and education is our best defense.

Scammers are impersonating bank personnel by using their names, photos and other contact information to create fraudulent websites in order to steal your personal information.

Person holding a mobile phone in their hand and pointing at the screen with their right index finger

They may contact you by phone, text or email to try and trick you into providing your personal information. By spoofing legitimate phone numbers to call or text you, these requests can be very convincing.

A computer screen with a magnifying glass increasing the size of the font shown in an email communication from a scammer

Posing as a trustworthy bank representative, an imposter will send false emails containing malicious links or malware. Don’t reply to messages from unknown senders or click on their attachments.

A computer screen that illustrates two images of person falsifying information on the internet

If someone contacts you claiming to be a relationship manager or treasury officer from Bank of America, or other trusted professional, there are clues to help you tell if the contact isn’t legitimate.

Clues a website might be fraudulent: The name of the banker is the website domain, and the site includes a photo of the financial advisor. Also watch for: information about their employment history, including prior employers’ CRD numbers and examinations.

A computer screen with a magnifying glass increasing the size of a contact form provided on a fake website

Clues a website might be fraudulent: The site asks you to supply contact information. It may also have grammar errors, misspellings, awkward phrasing, and poor design quality, including low-resolution images and odd layouts.

A computer screen with a blank email being composed and the arrow points to the ‘cancel’ button

Scammers often try to elicit a strong emotional reaction to get you to fall for their schemes. Don’t feel pressured to respond immediately — this is what they want you to do.

Warning signs to watch for

Recognizing that imposter scams exist and are increasing in prevalence may be the best defense against them. But beyond awareness, there are some common red flags that can help you identify these scams before you fall victim, including:

An unexpected phone call from your relationship manager, which might be a vishing attempt
An urgent request to fill out a form with information that the relationship manager should already have if you’re a client or wouldn’t need if you’re a prospective client
Poor website design quality, including odd layouts and low-resolution images or photos of the manager
Grammatical errors, misspellings, awkward phrasing or misuse of investor terminology
A website domain that uses the name of the relationship manager rather than a reputable firm

Best practices

Imposter scams are successful because of how much legitimate information scammers can mine from publicly available information on the web, enabling them to convincingly impersonate a professional or simulate a professional’s website. But by following these best practices, you can protect yourself and others:

Verify all anomalous communications or requests for payments or personal information by double-checking the sender information and by independently confirming the source using a verified phone number from an official website, bill or statement.
Don’t rely on caller ID to determine if a caller is legitimate.
Never send payments to anyone without independently verifying their identity. Once their identity has been verified make sure to use a known good secondary channel e.g. a trusted and verified phone number found on a legitimate website, bill or statement.
Never give sensitive information, such as account numbers, over the phone or through a website unless you are sure of who you’re interacting with.
Cut off contact at any point with someone you suspect is impersonating a professional.

In addition, being proactive and coming up with a mutually understood defense against imposter scams with your professional contacts can be an effective way to decrease your chances of falling victim.

If you receive any suspicious email or text message that appears to be from Bank of America, forward it to us at abuse@bankofamerica.com.

Remember: Don’t transfer money or make payments as a result of an unexpected phone call or text. Bank of America will never ask you to send us personal information such as an account number, Social Security number, Tax ID or share your One Time Passcode over text, email or online.

¹ “Facts about fraud from the FTC – and what it means for your business,” Federal Trade Commission, February 9, 2024.

² “Imposter Scams,” AARP, March 30, 2022.

Back to Homepage

Explore more

4-minute read

Important Disclosures and Information

Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.

Bank of America, Merrill, their affiliates and advisors do not provide legal, tax or accounting advice. Consult your own legal and/or tax advisors before making any financial decisions. Any informational materials provided are for your discussion or review purposes only. The content on the Center for Business Empowerment (including, without limitations, third party and any Bank of America content) is provided “as is” and carries no express or implied warranties, or promise or guaranty of success. Bank of America does not warrant or guarantee the accuracy, reliability, completeness, usefulness, non-infringement of intellectual property rights, or quality of any content, regardless of who originates that content, and disclaims the same to the extent allowable by law. All third party trademarks, service marks, trade names and logos referenced in this material are the property of their respective owners. Bank of America does not deliver and is not responsible for the products, services or performance of any third party.

Not all materials on the Center for Business Empowerment will be available in Spanish.

Certain links may direct you away from Bank of America to unaffiliated sites. Bank of America has not been involved in the preparation of the content supplied at unaffiliated sites and does not guarantee or assume any responsibility for their content. When you visit these sites, you are agreeing to all of their terms of use, including their privacy and security policies.

Credit cards, credit lines and loans are subject to credit approval and creditworthiness. Some restrictions may apply.

Merrill Lynch, Pierce, Fenner & Smith Incorporated (also referred to as “MLPF&S" or “Merrill") makes available certain investment products sponsored, managed, distributed or provided by companies that are affiliates of Bank of America Corporation (“BofA Corp."). MLPF&S is a registered broker-dealer, registered investment adviser, Member SIPC, and a wholly owned subsidiary of BofA Corp.

Banking products are provided by Bank of America, N.A., and affiliated banks, Members FDIC, and wholly owned subsidiaries of BofA Corp.

“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets division of Bank of America Corporation. Lending, derivatives, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc., which is a registered broker-dealer and Member of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. is a registered futures commission merchant with the CFTC and a member of the NFA.

Investment products:

Are Not FDIC Insured

Are Not Bank Guaranteed

May Lose Value

Imposter scams are on the rise: Here's how to manage the risks

Key Takeaways

Warning signs to watch for

Best practices

Explore more

Cyber security while traveling