These are a scammer’s top 3 New Year’s resolutions.
Online fraud is always evolving. Here are the top 3 fraud tactics scammers are planning to try in 2025, and what you can do to keep your business one step ahead.
Scammer resolution #1: Steal your sign-in
Scammers use malicious advertising, known as malvertising, to steal your sign-in credentials and other sensitive information. They purchase search engine ads for certain keywords or brand names, like social media, shopping or online banking sites. Then, they set up spoofed, or fake, versions of these sites. Here’s how it works:
- First, you search. You use Google or another search engine to look up the Amazon sign-in page.
- Then, you click. You click on the first result that appears, which will be under “Sponsored” or “Ad” and looks like a legitimate link to the Amazon sign-in page.
- Finally, they steal. You’re redirected to a spoofed version of the site and, when you enter your sign-in details, the scammer gains access to your personal information.
Stay one step ahead of malvertising:
- Never use a search engine to find the sign-in page for important websites. Instead, bookmark the legitimate site so you don’t have to search. Here's how to find the legitimate sign-in page for Online Banking for Business.
- If you must use search, skip the results listed under “Sponsored” or “Ad” and always verify links in search results. Scammers will often change a single letter or use a different domain.
- Require 2-step verification when signing in to important accounts. Here’s how to set it up in Online Banking for Business: What is 2-step verification?
Scammer resolution #2: Deepfake someone you trust
Deepfakes are AI-generated images, videos and audio that closely mimic real people. Similar to email or text-only Business Email Compromise fraud, scammers use publicly available audio and video to create convincing imitations, usually of a trusted executive or senior leader, and ask for an urgent payment or sensitive information. This can look like:
- Deepfake phone calls. You receive a call from a trusted leader at your company, asking you to transfer funds to help complete a business transaction. You also receive a follow-up email with more details about how to make the transaction. Everything looks and sounds real.
- Deepfake video calls. You receive a meeting request from a senior leader. When you join, you see them on screen. They ask you to send sensitive files about a client to a new colleague who is working on a lucrative deal with the client. Again, everything looks and sounds real – although the request is unusual.
Stay one step ahead of deepfake scams:
- Always verify any unexpected requests, especially ones that are unusual or contain an element of urgency. Call the requestor back on a number you know to be legitimate to confirm the request. Learn more about other types of payment request scams.
- If you have concerns during a conversation, ask a question that only the real participant would know and that can’t be answered based on their online presence – such as something that happened in the office, or something about a previous conversation you had with them.
- Establish a secret code word or answer as part of your standard procedure for handling one-off payment requests.
Scammer resolution #3: Hide scams in code
QR codes are a convenient way to access menus, event tickets and even full websites from your phone. But because they are so simple and quick to create, they’ve become an effective phishing tool for scammers to steal your information. They may send you to a fake website where you’re asked to enter your sign-in credentials, or install malware on your device that steals your account credentials and other personal information. You may receive:
- QR codes in emails and texts. Scammers will send a text or email appearing to be from a legitimate business. They’ll tell you there’s a problem with one of your accounts – such as Netflix, Amazon or your bank – that must be corrected immediately. They include a QR code for you to access your account.
- QR codes in the mail. Scammers may send letters that appear to be from a legitimate company and include a QR code you can scan to pay a late bill, receive forgiveness on a loan or get a discount on services.
Stay one step ahead of QR code scams:
- Don’t scan QR codes that have been unexpectedly texted or emailed to you, especially if the message asks you to scan the code to access an account that you own.
- If you get a message asking you to take immediate action, use a phone number or website you know to be real to contact the company.
- Sign up for alerts so you’re informed of any activity in your accounts. Here’s how Alerts work in Online Banking for Business: How to create an alert
Remember:
We’ll never ask you for personal information or account details by phone or email. If you feel your privacy or security has been compromised, please contact your BMO representative immediately or email us at phishing@bmo.com.