Header Content
First Commonwealth Bank Logo
Open Account
1-800-711-BANK (2265)
Menu Contents Start Main menu
Menu Contents End
Main Content
Fraud Prevention Resources

Evolving Fraud Trends for Consumers

Fraudsters are always changing their strategy and trying to take advantage of new technology and trends. It's important to educate yourself on those strategies so that you can best protect your finances and confidential information.

AI-Assisted Deepfake Bank Fraud

Fraudsters use generative artificial intelligence (AI) to create audio and video "deepfake" files designed to deceive banks and customers. These realistic digital assets often impersonate a trusted individual, such as a loved one or a company employee. Criminals will then include these files in communications that aim to trick the recipient into providing funds or sharing sensitive information.

Preventing AI-Assisted Deepfake Bank Fraud

1. Strengthen Your Banking Security

  • Always use Multi-Factor Authentication and turn on text/app codes, security keys, or biometrics.
  • Use official bank apps/websites only.
  • Set up account alerts for instant notifications for logins, transfers, or balance changes.

2. Be Skeptical of Voice/Video Requests

  • Don’t trust voices alone: Fraudsters can clone a loved ones or banker’s voice from a few seconds of audio.
  • Have a “safe word” with family: A shared code word that confirms a call is real.
  • If unsure — hang up and call back: Use the number on the back of your credit or debit card, not the one provided in the call/text.

3. Protect Personal Data

  • Limit what you share online: Avoid posting high-quality videos/audio that fraudsters can use to train AI models.
  • Lock down social media: Restrict public access to your posts, especially financial or family details.
  • Shred sensitive documents: Prevent fraudsters from gathering supporting info for scams.

4. Know the Red Flags of Deepfake Fraud

  • Requests that are urgent (“transfer money immediately”)
  • Requests that are secretive (“don’t tell anyone”)
  • Instructions that bypass normal channels (“just send the payment now, I’ll explain later”)

QR Code Phishing

Also known as “quishing,” this scam uses fake QR codes posted in public places or sent via email or text to deceive victims into visiting fraudulent websites. Once an intended victim scans the code and lands on the website, the fraudsters will attempt to harvest personal details or have the victim install malware on their device. The criminals can then use the details or malware to access victims’ accounts and sensitive information.

Preventing QR Code Phishing (Quishing) for Customers

1. Be Careful Before Scanning

  • Don’t scan random QR codes: Fraudsters stick fake codes over legitimate ones (ATMs, parking meters, menus).
    Check for tampering: If a QR code looks like a sticker on top of another, it may be malicious.
    Don’t scan from unsolicited emails/texts: Treat QR codes like suspicious links.

2. Verify the Website Before Entering Info

  • Preview the URL first: Many phones show the website link before opening it — look for spelling errors or strange domains.
  • Never enter banking login info after scanning a QR code unless you’re 100% sure it’s your bank’s official site.
  • Look for HTTPS (padlock symbol) but remember, even some scam sites now use HTTPS.

3. Safer Scanning Practices

  • Use your bank’s app directly: If a QR code claims to link to banking or payments, open your official app instead.
  • Use your phone’s built-in QR scanner (camera app) instead of random third-party scanner apps, which may be less secure.
  • Turn on browser phishing protection: Keep your phone’s browser and security settings updated.

4. Spot Red Flags.

  • Messages that sound urgent (“scan now to avoid account freeze”).
  • Offers that feel too good to be true (rewards, gift cards, free prizes).

5. Protect Yourself Financially

  • Enable account alerts for logins, transfers, and card use.
  • Use multi-factor authentication (MFA): Even if scammers get your password, they can’t log in without your second factor.

Authorized Push Payment (APP) Fraud

This type of fraud tricks victims into using an Authorized Push Payment (APP) to send money to a fraudulent account. The fraudster will often make the request for payment seem legitimate by impersonating an actual, trusted business, person, or government entity. Because the victim is tricked into actively authorizing the payment, the funds lost are often harder to recover.

Preventing Authorized Push Payment (APP) Fraud

1. Always Verify Before You Pay

  • Pause before sending money: Scammers pressure you to act fast. Real banks/companies won’t.
  • Call back on a trusted number: If contacted by phone/text/email to make a payment, hang up and call the official number on your debit card or statement.
  • Double-check payee details: Even a small change in account name/number could mean fraud.

2. Know the Common APP Fraud Scenarios

  • Impersonation scams: Criminals pretend to be your bank, utility company, IRS, or even the police.
    Romance scams: Fraudsters build trust online and then ask for money.
  • Investment scams: Fake opportunities promising “guaranteed” returns.
  • Invoice/mandate scams: Criminals pose as builders, lawyers, or suppliers and send fake updated account details.

3. Red Flags Customers Should Watch For

  • Urgent requests (“transfer immediately to protect your account”).
  • Requests for secrecy (“don’t tell anyone, your account is at risk”).
  • Being asked to move money to a “safe account” (no bank will ever ask this).
  • Payment instructions coming by unexpected email, text, or WhatsApp.

4. Strengthen Your Banking Security

  • Use strong multi-factor authentication (MFA).
  • Set up alerts for payments so you know immediately when money leaves your account.

5. Work With Your Bank

  • Report suspicious activity immediately — even if you didn’t fall for it, reporting helps protect others.

Evolving Phishing Tactics

Phishing started out as an email-based scam, but it has since evolved to other communications channels. Strategies that attempt to trick victims into providing sensitive information have also become more advanced, and in many cases, more personalized. Fraudulent phishing messages still typically seek to convey legitimacy by impersonating a real person, business, or other trusted entity — but they are now often sent via text (SMS phishing, or smishing) or phone (voice phishing, or vishing).

There has also been an increase in highly personalized and targeted “spearfishing” attacks, which use information the criminal has gathered about the intended victim to make the communications seem more legitimate.

Preventing Fraud from Evolving Phishing Tactics

1. Email Phishing (Still the Classic)

  • Don’t click links or open attachments from unexpected senders.
  • Check the sender’s address carefully — fraudsters often change one letter (e.g., @bank-secure.com vs @bank.com).
  • Look for spelling/grammar mistakes — often a giveaway of a scam.

2. Smishing (SMS Phishing)

  • Be cautious with texts claiming to be your bank, delivery company, or government.
  • Do not click links in texts. Instead, go directly to the company’s official website or app.
  • Banks will never ask for passwords, PINs, or codes by text.

3. Vishing (Voice Phishing)

  • Scammers can spoof caller IDs to look like your bank or government agency.
  • Hang up and call back using the official number on your card, statement, or website.
  • No legitimate bank will ask you to move money to a “safe account.”

4. Emerging AI-Driven Phishing (Deepfakes & Personalization)

  • AI can mimic voices and writing styles (even friends or relatives).
  • Be skeptical of urgent payment requests — even if they “sound like” someone you know.
  • Use a family/friends code word to confirm identity in emergencies.

5. Universal Red Flags to Remember

  • Urgency: “Act now or your account will be closed.”
  • Secrecy: “Don’t tell anyone about this.”
  • Unusual payment methods: Gift cards, crypto, or wires.
  • Too good to be true offers: “Guaranteed profits” or “free prizes.”

6. Customer Protection Checklist

  • Enable multi-factor authentication (MFA) on all banking and email accounts.
  • Set up account alerts for logins, payments, and transfers.
  • Keep phone and computer security software updated.
  • Only use official apps and bookmarked bank websites.
  • Report suspicious attempts immediately to your bank.
Footer Content