Types of Fraud & How to Recognize Them

Learn how to spot these common scams

Knowledge is power when it comes to protecting yourself from fraud. While fraudsters are constantly looking for new ways to attempt to take your money, personal information or gain access to your accounts, most scams boil down to the same common methods.

By learning how to spot a scam, you can avoid becoming a victim. Click on the tiles below to learn more about these digital and in-person types of fraud. If you believe you have been a victim of fraud, click here to report it.

More types of internet fraud to watch for:

Shield with dollar sign on computer screen


A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through phishing emails to end users, resulting in the rapid encryption of files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as bitcoin, at which time the attacker will purportedly provide an avenue to the victim to regain access to their data.

Bug with target lock

Malware or Scareware

Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.

Locked shield with crack in edge

Data Breach

A leak or spill of data that is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected or confidential information that is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.

Business with email in front of it

Business Email Compromise (BEC)

A sophisticated scam targeting businesses working with foreign suppliers or companies that regularly perform wire transfers or other electronic payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

Home with email in front of it

Email Account Compromise (EAC)

Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised emails to request payments to fraudulent locations.

Computer with caution sign on screen

Denial of Service

An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.

Three Common Fraudster Tactics


Fraudsters are skillful at creating unsolicited text messages, emails or links to websites that appear realistic, but they are fake and threaten the security of your accounts if you engage with them.


Fraudsters like to create a sense of urgency or scarcity, so you’ll be less likely to think before you act.


Scammers often pose as authority figures in an attempt to make demands without being questioned. They might even identify themselves as RBFCU employees.

Still from

Webinar: Navigating Through Fraud in a Digital World

Learn about current fraud trends and how to protect yourself from becoming a victim from Alexander Aguillen, RBFCU Assistant Vice President of Enterprise Fraud Management.

Still from It's a Money Thing

How to Spot Scams and Why We Get Scammed

By staying calm in high-stress situations and by giving ourselves a little extra time to think, we’re better able to save ourselves from making costly mistakes.

Signs of a Scam: What to Watch for

Always be cautious when you receive any urgent communication from a financial institution — whether it’s an email, phone call, text message or mobile payment app request. When in doubt, don’t respond to these messages; contact your financial institution instead to verify the message is legitimate. If you treat all messages as potential risks, it will help protect you from falling victim to fraud. Here are some tips to help spot these common scams.

Signs of an Email Scam

Suspicious person coming out of email message

The link or text looks suspicious

If you receive a link from a financial institution asking you to click and take an immediate action on your account, pause to verify the link is legitimate before clicking it.

Hover over the link to see where it actually goes. The real URL will display in the bottom left corner or in a pop-up in most web browsers or email programs.

If you think the email might be legitimate, call your financial institution or visit its website directly by typing a URL you know is correct in your web browser’s address bar. Better yet, bookmark the website in your browser, so you can be sure you’re always using the correct link.

If you notice misspelled words, grammatical errors or phrasing that “just doesn’t sound right,” these are also signs that you may have received a phishing email from someone pretending to be your financial institution.

Computer with caution sign on screen

You're pressured to make an immediate decision

Financial institutions won’t email you to verify your username and password or make an immediate payment, but fraudsters will.

If you’re asked to make an urgent decision, be skeptical.

No matter how legitimate an email looks, never reply to an email with personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.

Scary attachment in an email

You're sent an attachment you weren't expecting

Financial institutions won’t send you documents that you aren’t expecting via email, but fraudsters may use attachments as a way to infect your computer with viruses, spyware, malware or ransomware.

If you receive an unsolicited attachment from your financial institution, contact them to verify it’s legitimate before opening it and potentially infecting your computer!

The only exception is if you’ve been communicating with your financial institution regarding a transaction, like finalizing a loan. If you’ve started a transaction, you may receive documents to complete it via email — but only after you’ve initiated contact.

Signs of a Phone Scam

Fraudster calling on the phone

The caller ID doesn't look correct (or maybe it does!)

Fraudsters can manipulate caller ID so a call may look like it’s coming from your financial institution, even if it’s not!

Always be on alert when you receive an incoming call from your financial institution.

It’s OK to hang up — even if you’ve already began a conversation or when the call sounds legitimate — and call your financial institution back at a verified phone number listed on its website or account documents. Don’t worry about being rude — it’s better to be safe!

Stranger asking for your personal information

You're asked to provide personal information

Your financial institutions may ask you for personal information to verify your identity when you call for assistance — but never when you haven’t initiated the call!

Financial institutions will never reach out to you and ask you to provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account or credit card numbers.

Mobile phone receiving alert

You're asked — or threatened! — to make an urgent decision

Fraudsters rely on creating an urgent or scary situation in order to catch you off-guard and pressure you into making a decision without thinking.

Examples include calling you to tell you your account will be closed or that fraud has been detected — yup, fraudsters will claim they’re trying to help you with fraud to gain your trust!

If your financial institution reaches out to you, don’t provide any personal information and don’t make any snap decisions. Remember, it’s OK to hang up and call your financial institution back at a verified phone number, even when you think the call might be legitimate or you’ve already begun a conversation.

Signs of a Text Message Scam

Mobile phone receiving alert

You're alerted to a serious situation

Oh no! You receive a text message saying there’s a problem with your account, and you should sign in to fix it immediately!

Stop and pause for a second: Financial institutions will never text you and ask you to sign in to your account, or ask you to provide or verify personal information via text message.

Although you may receive text messages from your financial institution regarding things like debit and credit card fraud, transfers, transactions or demographic changes, you’ll never be asked to sign in or provide personal information via text to address those situations.

If you think there may be a problem with your account, you can always contact your financial institution directly to ask.

A scary link asking you to sign in

You're sent a link to click

Your financial institution won’t send you a link to verify your username or password, or ask you to sign in and take action on your account.

Be wary of any text message asking you to sign in to a website. If you think it might be a legitimate text message, contact your financial institution directly by phone. You can also send a secure message or chat with a representative by visiting your financial institution’s website.

Just don’t click that link in the text message — type your financial institution’s verified URL directly in your browser’s address bar or click a bookmarked link instead.

Stranger asking for your personal information

You're asked to text back with personal information

Your financial institution will never text you and ask you to verify or provide personal information like usernames, passwords, one-time passcodes (OTP), PINs, Social Security numbers, or account, debit card or credit card numbers.

Never, ever provide this information via text message or a link sent via text message.

Signs of a Mobile Payment App Scam

Accessing banking accounts on mobile phone

You receive a phone call or text about a mobile payment app

Scams where a fraudster asks you to send money via a mobile payment app usually start with a phone call or text message encouraging — or demanding! — immediate payment to avoid a dire consequence.

Stop and pause before sending money: Fraudsters count on scaring you into making rash decisions.

Your financial institution will never contact you and ask for a payment via a mobile payment app like Zelle®, Venmo® or CashApp™. It’s a scam.

If you think there might be trouble with your account, hang up or don’t respond, and contact your financial institution directly via a verified phone number or their website to get assistance.

Fraudster calling on the phone

You're asked to use a mobile payment app to pay someone you don't know

You’re shopping on Facebook® Marketplace or Craigslist®, and see something you’d like to buy. The seller says they’ll hold the item for you — but only if you use a mobile payment app to send them part or all of the item’s cost.

Don’t do it! Mobile payment apps are the same as sending someone cash. If the seller is a scammer, you’ll never see that money again!

Only use a mobile payment app to provide payment to someone you know, like family and friends, and never provide payment to someone until you receive the item. This guide from Facebook has more tips to stay safe when buying and selling on Facebook Marketplace.

Urgent request for payment

You're asked to make an urgent payment via a mobile payment app

You receive a phone call telling you a payment via Zelle®, Venmo® or CashApp™ is needed immediately or you’ll be arrested — or audited by the IRS, or your account will be overdrawn and you’ll incur fees. Hang up, because it’s a scam!

Government agencies and financial institutions will never request money be sent via mobile payment app (or gift cards or other unconventional payment methods). Most won’t call you either; instead, you’ll receive a letter in the mail.

Fraud in the News

If you believe you have been a victim of fraud, click here to report it.

1The MetLife Study of Elder Financial Abuse: Crimes of Occasion, Desperation, and Predation against America’s Elders (New York, NY: MetLife, June 2011) [available at https://vtechworks.lib.vt.edu/bitstream/handle/10919/24184/mmi_elder_financial_abuse_2011.pdf].

All trademarks and brand names belong to their respective owners. Use of these trademarks and brand names do not represent endorsement by or association with RBFCU.

RBFCU will never initiate a phone call, email or text message to anyone — members or non-members — asking for your sign-in information, including usernames, passwords, security questions and answers, multifactor authentication (MFA) codes, MFA recovery codes and one-time passcodes (OTP), or other personal information, like account, credit card, debit card or Social Security numbers.

If you receive a suspicious phone call, email or text message, hang up, do not respond to the message, do not click any links, and do not open any attachments. Forward any suspicious emails and text message screenshots to abuse@rbfcu.org, then delete the message. If you believe your account, username or password has been compromised, you should immediately contact RBFCU at 210-945-3300 for assistance. Additionally, members should monitor their accounts regularly and report any suspicious transactions.