<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1457645420941593&amp;ev=PageView&amp;noscript=1">
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Aurora

Burwell

Daykin

Diller

Fairmont

Fairbury

Geneva

Grafton

Grand Island

Hastings

Kearney

Odell

Ord LPO

Riverdale

Shickley

Update Your Preferences

Close-up of a business person typing on a laptop with cybersecurity interface graphics, displayed alongside the banner text “Business Fraud Prevention Resource Center: Tools, Tips, and Safeguarding Your Business.

Safeguarding Your Business Starts Here

Business fraud is growing rapidly, and even the most prepared organizations can be affected. This resource center is designed to help you understand the most common threats, strengthen your internal controls, and access tools that protect your accounts and your people. When your associates understand the threats out there, they become your strongest first line of defense, because knowledge truly is power.

Common Scams Businesses Need to Watch For

Fraudsters often target businesses because they know companies process high volumes of payments, rely on email communication, and manage multiple accounts. Here are the most common scams affecting businesses.
Bank Support Impersonation (Account Takeover Scam)

What It Is:

Cybercriminals impersonate your bank's support, treasury management team, or fraud department to gain access to your business accounts, often leading to fast, large unauthorized transfers.

How It Works:

Fraudsters contact business owners, payroll staff, or accounting teams pretending to be from a financial institution's fraud or support department.

🚩 Red Flags:

  • Unexpected fraud alerts or "bank support" calls asking for login codes
  • Requests to urgently "verify" payroll or wire information
  • A website that looks real but has a slightly off URL
  • Caller saying your business account was used in a crime
  • Being asked to give remote access
  • High-pressure tactics

What To Do:

  • Never share Multi-factor authentication codes, passwords, wire tokens, or secure access credentials with anyone
  • End the call and contact Heartland Bank using a known, verified phone number
  • Train employees to identify and report suspicious contact immediately
  • Bookmark your online banking URL; do not search for it
  • Implement dual control on all ACH and wire activity
  • If an Account Takeover incident is suspected:
    • Contact Heartland Bank immediately to initiate wire recalls
    • Reset all potentially compromised credentials
    • File a report with ic3.gov

Helpful Link:

Internet Crime Complaint Center (IC3)

Business Email Compromise (BEC)

What It Is:

A scam where criminals impersonate executives, vendors, or employees using look-alike email addresses to trick your business into sending money or changing payment details.

How It Works:

Fraudsters compromise or spoof a business email account and send urgent payment requests, updated banking information, or instructions to bypass normal approval processes. They often study your company's communication patterns to appear legitimate.

🚩 Red Flags:

  • Requests to "keep this confidential."
  • Urgent or last-minute payment changes
  • Emails coming from look-alike domains (ex. ".co" instead of ".com")
  • Unexpected requests from executives or vendors
  • Changes to wiring or ACH instructions sent by email only

What To Do:

Always verify payment change requests by phone using a known, trusted number. Require dual control for wires and ACH. Report suspicious messages to your IT department and Heartland Bank immediately.

Helpful Links:

Internet Crime Complaint Center (IC3)

Business Email Compromise Continues to Swindle and Defraud US Businesses

Payroll Scams

What It Is:

Scammers pose as employees to reroute payroll deposits into fraudulent accounts.

How It Works:

A fraudster sends an email pretending to be an employee, asking HR or payroll to update direct deposit information. The new account belongs to the scammer, and the employee never receives their paycheck.

🚩 Red Flags:

  • Last-minute changes to payroll info
  • Requests sent via personal email accounts
  • Misspellings or unusual wording in employee "emails"
  • Urgent demands made right before payroll processing

What To Do:

Require in-person or verified phone confirmation for payroll changes. Use secure employee portals for updates instead of email. Notify your bank and employee immediately if payroll diversion is suspected.

Helpful Link:

Cybercriminals Utilize Social Engineering Techniques to Obtain Employee Credentials to Conduct Payroll Diversion

Vendor Invoices & Payment Scams

What It Is:

Fraudsters impersonate legitimate vendors to submit fake invoices or request updated payment information.

How It Works:

Scammers send realistic-looking invoices, spoof vendor email addresses, or claim that payment accounts have changed. Businesses unknowingly send funds to fraudulent accounts.

🚩 Red Flags:

  • Email addresses with slight variations from the real vendor
  • Requests to update bank details sent only by email
  • Invoices with new formatting, wording, or logo errors
  • Payment requests that don't match past patterns

What To Do:

Verify invoice and account changes by calling your vendor using a known phone number. Use ACH blocks & filters. Review invoices carefully for inconsistencies. 

Helpful Link:

Better Business Bureau Scam Tracker

 

Check & ACH Fraud

What It Is:

Unauthorized withdrawals, altered checks, fraudulent ACH debits, or counterfeit checks targeting business accounts.

How It Works:

Scammers steal or duplicate checks, alter payee information, or submit ACH debits without authorization. Fraudsters may also send counterfeit checks as "payments" and ask for refunds.

🚩 Red Flags:

  • Unrecognized ACH debits
  • Returned checks with altered details
  • Requests to "refund" part of a check payment
  • Missing checks from the mail or office storage

What To Do:

Enable Positive Pay and ACH Filters/Blocks. Reconcile accounts daily. Report suspicious transactions immediately; early detection increases your chance of recovery.

Helpful Link:

Mail & Package Theft

Ransomware & Malware Attacks

What It Is:

Cyberattacks where criminals lock your systems or steal data, demanding payment to restore access.

How It Works:

Employees unknowingly click on malicious links or download files that install malware. Hackers encrypt systems, steal sensitive data, or disrupt operations until a ransom is paid, often in cryptocurrency.

🚩 Red Flags:

  • Unexpected pop-ups urging immediate action
  • Emails with attachments from unknown senders
  • System slowdowns or programs that suddenly fail
  • Strange login attempts or password resets

What To Do:

Train staff on phishing. Keep all software updated. Use Multi-Factor Authentication (MFA) for all logins. Back up systems regularly and store backups offline. Contact IT and report incidents immediately.

Helpful Link:

Stop Ransomware

Tech Support & IT Impersonation

What It Is:

Scammers pose as IT providers or software support teams to gain access to business systems.

How It Works:

Fraudsters call or email pretending to be from Microsoft, your internal IT team, or a software vendor. They request remote access or ask you to install "updates" that contain malware.

🚩 Red Flags:

  • Unsolicited IT calls or emails
  • Requests for remote access or passwords
  • Threats that your system will "shut down" if you don't comply
  • Caller ID spoofing appearing as your IT company

What To Do:

Never allow remote access unless you initiated the request. Confirm suspicious IT messages with your internal team. Train employees to recognize spoofing.

Helpful Links:

Phishing - FTC Business Guides

Tech Support Scams - FTC Business Guides

Cybersecurity for Small Business: Tech Support Scams PDF

AI-Generated Business Scams

What It Is:

Fraud that uses artificial intelligence (AI) to generate realistic emails, voices, documents, and messages designed to deceive businesses.

How It Works:

Cybercriminals use AI to create synthetic voices ("voice clones"), deepfake images, hyper-personalized phishing messages, fake vendor documents, and chatbots that mimic customer service or colleagues. AI can also analyze fraud detection patterns to avoid triggering alerts.

🚩 Red Flags:

  • "Executives" calling with voices that sound real but slightly off
  • Unusual wording or tone in emails that otherwise look legitimate
  • Payment requests that feel too urgent or out of character
  • Emails with context that only your internal teams should know
  • "Vendors" providing documents that appear perfect but generic

What To Do:

Implement strict verification steps for voice and email requests. Train employees on AI red flags. Use Multi-factor Authentication everywhere. Confirm all payment changes with a verified phone call or in-person documentation.

Helpful Link:

FTC Launches Inquiry into AI Chatbots Acting as Companions

Business Fraud Protection Tools

Protecting your business starts with the right tools. Here are the features and services offered by Heartland Bank that help safeguard your company's finances.

🔐 Online Business Banker

Manage your business accounts securely 24/7. Transfer funds, view balances and checks, initiate payroll and ACH payments, and provide access permissions to your team with defined roles. 

🛡️ Positive Pay

A powerful fraud deterrent that compares your issued checks to those presented for payment each business day. Discrepancies are flagged for your review so you can stop potential check fraud before it becomes a loss.

💻 ACH Origination

Make secure recurring payments like payroll, taxes, and vendor disbursements with direct ACH processing, reducing physical checks that can be lost, stolen, or altered.

📣 HB Alerts

Receive instant notifications for account activity, transactions, and balance changes. Alerts help business owners quickly spot unauthorized activity so you can take action fast.

Business Security Best Practices

BETH3

 

  • Require dual control for all ACH and wire transactions
  • Conduct regular employee fraud training
  • Restrict account access with role-based permissions
  • Use company-owned devices for banking
  • Keep antivirus & software up to date
  • Verify all payment change requests by verified phone numbers
  • Reconcile accounts daily

 

FEATURED POSTS

News & Stories Cybersecurity Security

🚨 Payroll Scam Alert: Protect Your Business Before It’s Too ...

By  Heartland Bank    On 7 November 2025
At Heartland Bank, we care deeply about your financial security — because when our local businesses thrive, our communities thrive. Recently, we’ve seen an increase in a specific ...
Read more
News & Stories Cybersecurity Security

Scam Alert: Fraudulent calls circulating in our area

By  Heartland Bank    On 5 November 2025
At Heartland Bank, your security is our top priority. Recently, we’ve been made aware of a scam targeting customers with phone calls claiming to be from the fraud department. ...
Read more
News & Stories Cybersecurity Security

Beware of PPP Loan Scam Targeting Small Business Owners

By  Heartland Bank    On 23 October 2025
⚠️ Scam Alert: The Nebraska Department of Banking and Finance is warning PPP loan recipients about a new scam that’s circulating across the state. Scammers never seem to rest—and ...
Read more
Heartland Bank associate smiles while speaking on the phone at the front desk. A banner beside her reads “Got questions? We are here to help,” with a bright green “Contact Us” button.
logo-fdic.svg   logo-ehl.svg
© 2026 Heartland Bank

Internet Explorer 10 Support Notice

Due to recently increased security requirements, we at Heartland Bank are no longer able to support version 10 or older of Internet Explorer. We are sorry for this inconvenience, and encourage you to upgrade to more secure options such as Internet Explorer 11, Google Chrome, or Mozilla Firefox.

Upgrade to Internet Explorer 11
You’re about to leave Heartland Bank to visit our trusted partner site. We included this resource on our site because we think you’ll find the information relevant to what you’re looking for. However, since it’s not operated by Heartland Bank, we can’t be accountable for the content you find there. If you have any concerns about the site you’re visiting, we encourage you to read and evaluate the privacy and security policies of the site, just in case it differs from Heartland Bank’s. Ready to go?
Yes, Let's Go!