Online Banking

How to Protect Your Accounts from Fraud: Identifying & Avoiding Common Scams

Hand holding magnifying glass hovering over a lock.


Identifying & Avoiding Common Scams


As technology improves to make our lives easier, you might be finding yourself growing more dependent on mobile apps and digital payments in your daily life than ever before. Now a days, you can accomplish almost anything online – from paying bills and managing money to ordering take-out and binge-watching your favorite shows.

Although the convenience of smart phones has made many aspects of our lives much easier, it’s also created a variety of new opportunities for scammers to commit fraud. In 2020, American lost $3.3 billion to scams, doubling what was lost in 2019, according to the Federal Trade Commission (FTC).

By knowing and understanding how fraudsters are attempting to execute their schemes, you’ll be able to identify and avoid common scams.

Below, you’ll find the following items to help you be prepared to recognize and act upon potential scams, including:

    1. An outline of the ways scammers try to contact you.
    2. A list of some of the latest and most frequent scam attempts in 2023, including an example of each, and details on how to keep your personal information and finances safe.
    3. Resources to assist with scam attempts you may receive.

BONUS:  We recommend bookmarking this page for easy future access. 



To begin, let’s look at the types of communication you might receive.


A man receiving an incoming suspected spam call on his phone. The network provider detect the scam and show warning sign to rejects the call.


Phishing & Spoofed Phone Calls

Attempts to scam you via phone could come from either a robocall or a real person. The phone number can look legitimate, as real phone numbers can easily be disguised or spoofed.

Phone spoofing is when the caller disguises the real phone number of an incoming call on your caller ID. Spoofed phone numbers can look like they’re coming from a local area or organization, which increases the chance of people answering.

To learn about spoofed phone numbers and how to spot them, you can watch this video from the Federal Trade Commission:

Once a scammer has you on the phone, they’ll do whatever they can to convince you to hand over your personal information willingly. They will use tactics like:

  1. Claim they’re from an important company, like a bank, utility company, IRS or even the police.
  2. Scare you or instill a sense of urgency to “comply” with their requirements.
  3. Tell you they need information to resolve the issue, like your social security number, bank account number, username/password or even a wire transfer. However, they may ask for more obscure-seeming information, like your last street address or your mother’s maiden name – information that is commonly used as answers in security questions or to verify your account.


If you answer a call that turns out to be suspicious, the best course of action is to hang up and call the company back directly on a confirmed phone number you find online. No company will ever ask you to share any of this personal information over the phone, especially when they contact you first.


Man hands using smart phone that says "SCAM!"


SMS & Text Messages

Like phone calls, text messages are a very convincing way to entice you to divulge personal information to receive an exciting offer or promotion, or, to confirm some type of business transaction. This method is a little easier to identify, as fraudsters cannot disguise their phone number (or email address) at this time. Your suspicions should rise if a cryptic text comes from an unknown number, especially if you did not sign up to receive a text message from that company.

Text messages are typically only used by businesses to confirm your appointment or provide a one-time login code (which, by the way, you should never share with anyone either), but laws require businesses to ask for your permission to send you a text, although sometimes it’s buried in their terms and conditions.

A good gut-check:  do you do business with the organization claiming to contact you? Were you expecting them to reach out? If the answer is no, it’s likely something fishy, even if they contact you in regards to fraudulent activity.

If you receive a text that looks suspect (no one will ever text you that you’ve won something you didn’t enter for!), do NOT click on any link and don’t reply. A quick Google search will likely confirm a scam attempt.


Concept of cyber crime, businesswoman using computer and show malware screen that comes with email, hack password from bank accounts and personal data.



Like the two methods we already discussed, scammers will attempt to email you with a variety of tactics to gain your personal information. Unique to email, they can also use this form of communication to install a virus on your computer without your knowledge, which can then track your online activity, including the ability to steal usernames and passwords.

Red flags for emails include a generic, “helpful” name – like Help Desk or Administrator, a short or nondescript direction to click on a link, or an attachment/download that you weren’t necessarily expecting.

To investigate further, you can follow this quick check list:

  1. “from:” line. Check the sender information. The email address is likely not what it appears, even if the name looks real. If you don’t know the email or it doesn’t match up with the company information within the message, it is probably fraudulent.
  2. “to:” line. Who else was the email sent to? If there are dozens of people in the “to:” line, that’s another good indicator it’s an attempt to deceive, especially if you don’t recognize any of the other people.
  3. Typos and grammatical errors. Obvious spelling and grammatical errors are generally a good indicator, but sometimes not enough to expose the scam attempt.

Rule #1:  never click a link, open an attachment or download a file from someone you don’t know. If you do know the sender, ask yourself questions like, “Do they typically write like this? Do they send emails like this often? Can I call or text them to confirm this email is actually from them and this link is real?”

Delete suspicious emails immediately or at minimum, report them as spam.


Portrait of African-American man receiving mail at the mailbox.


Physical Mail

Finally, believe it or not, scammers still use USPS (United States Postal Service) to try to get your information. Like a phone call, a letter will sound threatening or have a sense of urgency within. They often ask for cash, a check, a wire transfer, or for you to fill out and return a form. They might even provide return postage to make it easier for you!

Key indicators that it’s not real:

  1. a return address that is nondescript with no company name
  2. an “urgent” or “confidential” stamp of some kind on the exterior envelope
  3. a return envelope with a P.O. Box (can’t be tracked!)
  4. OR, any request for money that isn’t a bill you were expecting.

If you receive a questionable piece of mail, again, reach out to the company via a verified phone number (not the phone number within the letter) to ensure the request is legitimate. If it’s not real, shred and discard/recycle the envelope and letter.


Fraud alert digital laptop computer crime warning.



Next, we’ve identified the scams that are new and popular for criminals this year.

SMS text message detailing multiple failed attempts to login to Venmo resulting in an account freeze scam.


“Locked” Account

Fraudsters will spoof a popular company like Netflix, Venmo or Amazon and contact you saying your account has been locked due to “multiple failed login attempts to your account”. They’ll then request you to click on a link to “recover” your account.

What an attempt might look/sound like: “Your Amazon Account has been locked. We recently received multiple failed login attempts to your account. Recovery of your account immediately click link below: https://________. Please take action on your account within 48 hours to avoid permanent suspension.”

How to stay protected: Don’t click on the link provided. This message is a scam that tricks people into clicking a link to a fake account recovery page. This page steals the personal and financial information entered, such as login credentials and credit card numbers. To verify the safety of your account, you can contact the business’s support team, which can be found with a simple search for “contact [business’s name] support team.”


SMS text message detailing a failed package delivery scam.

Retail Delivery Drivers or Surveys (think Amazon and Apple, the most common or Walmart, Costco, Best Buy, etc.):

Scammers pose as a pending delivery service or reach out to offer a gift card in return for a survey – or for no reason at all.

What an attempt might look/sound like:  “Click to confirm your upcoming delivery:  https://________” or “Home Depot wanted to have you join our March, 2022 Questionnaire Anyone that complete it by Mar 31st will receive a no-cost $100.00 Gift https://________”

How to stay protected:  Don’t click a link from a number or email you don’t know. If you didn’t sign up to receive text messages from the business, you can expect it’s a scam attempt. Google the phone number or email address to see if anything pops up. Remember that scammers can change how a name appears in an email address, so you may have to hover over the name to reveal the address itself. Report the phone number or email as spam.


SMS text message detailing a debit-card lock scam.


Bank/Credit Card Freeze:

Criminals have been texting a scary-sounding alert that your credit or debit card is locked, and directing to call to get it resolved immediately.

What an attempt might look/sound like:  “Call 0123456789 NOW – your VISA Card is temporarily locked (ID: D9nuzAgbXn93)”

How to stay protected:  Match the phone number provided to the one on your card. If it’s not the same, this is a scam. You can call the number on your card to double check. Never call the number in the voicemail, email or text.


SMS text message requesting a peer-to-peer transfer for groceries scam.


Peer-to-Peer (P2P) “Cash” Payments:

Fraudsters will send an urgent request for monetary help, sometimes due to a natural disaster or illness, and request payment via a peer-to-peer money-transfer app. They might use a generic name, or even have hacked a friend’s Facebook account to appear more convincing.

What an attempt might look/sound like: “Hey it’s Adam. I need $150 can you help? Send me a PayPal to @0123456789” or “This is Steven from your bank. We need you to confirm your P2P account – please call 123-456-7890 to continue using your account.”

How to stay protected: P2P is incredibly convenient and safe to send money to your friends and family, but not to a stranger. It’s essentially like putting cash in the mail. Never send money to someone you don’t know, especially an account that cannot be verified, as it becomes very challenging to get back.


Close up U.S. taxes papers


Tax Debt Threat:

Scammers have been pretending to be federal and state tax collection agencies or even law enforcement officers reaching out to “settle your tax debt.”

What an attempt might look/sound like: “Hi, this is Barbara calling from the IRS. You owe $1,072 for your 2022 tax return. To avoid prosecution, call 123-456-7890 to make a payment now.”

How to stay protected: Although these calls or letters might sound incredibly threatening, the IRS will not approach you in this way, nor will they ask you for passwords, bank account or credit card information. You can always call the IRS to verify. If you’re unsure, use their main phone number to call them directly, not the one provided to you in this questionable communication. We’ve included their number in the resource section at the end of this post.


Cryptocurrency decorative image


Cryptocurrency via Apps or ATMs:

Imposters will pretend to be utility agents, government officials or sweepstakes representatives and ask you to pay a bill or fee by sending cryptocurrency from a convenience store ATM, or via downloading an app.

What an attempt might look/sound like: “Hello Jan, your water bill is overdue. Pay via crypto now to avoid penalty. Download the crypto app to pay:  https://________”

How to stay protected: Government officials and law enforcement will never ask you to pay with cryptocurrency, so don’t take the bait.


Close-up image of male hands using mobile smartphone with icon graphic cyber security network of connected devices and personal data information.



As you may have gathered from these latest scams, fraud attempts always have a few critical elements that give them away, no matter how convincing a scammer might be. Below are the common red flags and quick tips to help you identify potential fraud and protect your personal data.


Red Flags:  warnings that almost always indicate a potential scam…


  1. There’s an emergency/problem.
  2. Fast payment is required.
  3. You won something.
  4. They want your information (even something that seems minute, like your address).
  5. The message seems cryptic (“Look at this!”) or has poor grammar, misspellings.
  6. You didn’t initiate the conversation.
  7. You feel panicked or scared.


Rules of thumb:  to keep your information, and your money, safe…


  1. Don’t pick up calls from unknown numbers – let them go to voicemail.
  2. Don’t click on links in texts, emails or other messages from anyone not in your contacts. If you’re unsure, copy and paste the link into your browser to see the true web address, but don’t hit “Enter.”
  3. Assume people and companies aren’t who they say they are. For example, it’s quite simple to create a new Facebook account using the same profile picture as a friend of yours, then add you as a friend and contact you. If a friend you haven’t talked to in a while suddenly sends you a message with a link, be suspicious. Similarly, a fake email doesn’t have the correct domain – look carefully, as it can be tricky – they might try ‘’.
  4. When in doubt, reach out to the person or company through a secondary contact method, that you know is legitimate, to verify.
  5. Ask a friend or family member to take a second look at a message you suspect might be a scam attempt.
  6. Never give out information to someone who initiated contact with you – even your address or a pet’s name – it may be the last missing piece in accessing your accounts.
  7. Ensure your antivirus software is up to date.
  8. If you feel flustered, slow down, take a breath, and trust your gut. Nothing legitimate requires an immediate, urgent response.


As always, we’re here to help at Bank of the Bluegrass. Read more about phishing on our blog HERE. If you’re concerned about potential fraud or unsure about a message you received, please call us at (859) 233-4500.


Metal padlock with gray credit card, white keyboard and electronic circuits on background.


While all consumers are equally susceptible to falling victim to fraud, senior citizens are one of the most targeted groups. The AARP (American Association of Retired Persons) has developed a special website for fraud watch that provides information and education on how to best protect this vulnerable demographic. To sign up for fraud watchdog alerts, read news and information, and to report fraud, go to:

You can report consumer fraud with the Federal Trade Commission at


Other Important Phone Numbers & Contact Info:


  1. IRS:  (800) 829-1040
  2. Social Security Administration:  (800) 772-1213
  3. Robocall blocker:


For additional information on this topic, please visit Banks Never Ask That:

This post is for informational purposes only. No one method alone will protect from fraud.