Avoiding Tax-Related Scams

Tax Related Scams

Tax season can be a stressful time for many individuals and businesses. Unfortunately, it’s also a prime opportunity for scammers to prey on unsuspecting taxpayers. With the rise of digital communication and sophisticated tactics, tax scams have become increasingly prevalent. However, arming yourself with knowledge and awareness can be your best defense against falling victim to these schemes.

Tax scams come in various forms, but some of the most prevalent ones include:

Phishing Emails

Scammers send emails posing as legitimate organizations such as the IRS or tax preparation software companies, asking recipients to click on links or download attachments that contain malware or request personal information.

Phone Scams

Fraudsters impersonate IRS agents and call taxpayers, demanding immediate payment for taxes owed or threatening legal action, arrest, or deportation if payment is not made.

Identity Theft

Thieves steal personal information, such as social security numbers or bank account details, to file fraudulent tax returns and claim refunds.

Fake Charities

Scammers set up fake charities to solicit donations from taxpayers, promising tax deductions for contributions that never benefit legitimate causes.


Protecting yourself from tax scams requires vigilance and caution. Here are some essential tips to keep in mind:

Verify Communication

The IRS typically communicates with taxpayers via postal mail, not email or phone calls. Be wary of unsolicited emails or calls claiming to be from the IRS. Never provide personal information over the phone or via email.

Use Reputable Tax Preparation Services

If you use tax preparation software or services, make sure they are reputable and secure. Avoid unknown or unverified tax preparers, especially those who promise unusually high refunds or charge exorbitant fees.

Secure Your Personal Information

Safeguard your personal and financial information by using strong, unique passwords for online accounts and avoiding sharing sensitive data on unsecured websites or over unencrypted connections.

Be Skeptical of Demands for Immediate Payment

The IRS will never demand immediate payment over the phone or via email, nor will they threaten legal action, arrest, or deportation for unpaid taxes. If you receive such a call or email, it’s likely a scam.

Monitor Your Accounts and Credit Report

Regularly review your bank and credit card statements for unauthorized transactions and monitor your credit report for any signs of identity theft or fraudulent activity.

Tax scams are a serious threat that can result in financial loss and identity theft for unsuspecting taxpayers. By staying informed, remaining vigilant, and following the tips outlined above, you can protect yourself from falling victim to these fraudulent schemes. As always, don’t hesitate to contact your American Federal banker with any questions.

The Importance of Having a Passcode on Your Mobile Phone

Phone Lock Graphic

Our lives are intertwined with technology, and our smartphones contain a treasure trove of personal information. From sensitive emails and messages to financial transactions and family photos, the data stored on our mobile phones is invaluable and, unfortunately, vulnerable. One simple yet powerful way to protect yourself and your smartphone is by setting up a passcode. Why is this important?

It Helps Prevent Identity Theft

With the rise of digital connectivity, identity theft has become a prevalent threat. Without a passcode, anyone can potentially gain access to your email, social media accounts, and more. A passcode acts as a barrier, thwarting attempts to impersonate you and preventing unauthorized access to accounts that could lead to identity theft.

It Helps Secure Your Financial Information

Mobile phones are increasingly used for financial transactions, and without a passcode your financial information is at risk. Fraudsters could potentially access your accounts and actually move money out of them. Setting up a secure passcode ensures that even if your phone falls into the wrong hands, access to your financial accounts is restricted, protecting your hard-earned money from potential theft.

Preventing Unauthorized Purchases

Many mobile users link their devices to app stores and online marketplaces. Without a passcode, unauthorized individuals, especially children, may inadvertently make purchases using your accounts. A passcode acts as a safeguard, preventing unintended transactions and saving you from potential financial headaches.

Safeguarding Confidential Work Data

For professionals who use smartphones for work-related tasks, a passcode is essential for protecting sensitive business information. From emails to documents, a passcode ensures that your work-related data remains confidential and inaccessible to prying eyes.

Deterrence Against Theft

A passcode not only protects your data, but also serves as a deterrent against theft. Thieves are less likely to target smartphones with passcodes, as the added security makes unauthorized access more difficult, which reduces the appeal of stolen devices.

Lock it Up!

Setting up a passcode on your mobile phone is not just a routine security practice; it’s a proactive step towards safeguarding your digital identity, financial well-being, and personal privacy. As we navigate the intricacies of the digital age, let a passcode be your first line of defense in securing the gateway to your digital world.

If you need assistance setting up a passcode for your please contact your local office

Avoiding Spring Break Travel Scams

Tropical Beach

As spring approaches, many are eagerly anticipating the much-needed break that comes with it. For college students and families alike, spring break offers a chance to unwind and explore new destinations. However, it’s crucial to remain vigilant against potential scams that can make a dream vacation turn bad.

Spring break travel scams come in various forms, targeting unsuspecting travelers who may be too caught up in the thrill of the moment to notice red flags. From fraudulent accommodations to fake tour packages, here’s what you need to know to safeguard yourself against these scams:

Bogus Accommodation Listings

One of the most common scams involves fake accommodation listings on popular booking websites. Scammers create enticing listings for vacation rentals or hotels at unbeatable prices. However, once payment is made, the accommodation either doesn’t exist or it’s not as advertised. To avoid this, always book through reputable websites and read reviews from previous guests.

Phony Travel Packages

Be wary of travel agencies or websites offering all-inclusive spring break packages at unbelievably low prices. These deals often come with hidden fees, poor accommodations, or nonexistent amenities. Before booking any package, research the company thoroughly, check reviews, and verify its legitimacy.  

Fake Excursions and Tours

When booking excursions or tours at your destination, be cautious of overly aggressive vendors or tour operators. Some may promise exclusive experiences or low prices to lure tourists, only to deliver subpar services or disappear with your money. Stick to reputable tour companies recommended by trusted sources, such as your hotel or well-known travel websites.

ATM Skimming

While traveling, be vigilant when using ATMs, especially in tourist-heavy areas. Skimmers can install devices on ATMs to steal your card information, compromising your bank account. To minimize the risk, use ATMs located within banks or reputable establishments, and always cover the keypad when entering your PIN.

Wi-Fi Scams

Public Wi-Fi networks in airports, cafes, or hotels can be breeding grounds for hackers looking to steal personal information. Avoid accessing sensitive accounts or making online purchases while connected to unsecured Wi-Fi networks. Instead, use a virtual private network (VPN) for added security or rely on your mobile data. 

Identity Theft

Whether booking flights, hotels, or activities online, always use secure websites with HTTPS encryption. Avoid sharing sensitive information, such as your Social Security number or passport details, unless absolutely necessary. Monitor your bank and credit card statements regularly for any unauthorized transactions. 

While spring break is a time for relaxation and adventure, it’s essential to remain vigilant against potential scams that can ruin your vacation experience. By staying informed, researching thoroughly, and trusting your instincts, you can ensure a safe and enjoyable spring break getaway. Remember, if an offer seems too good to be true, it probably is. Stay safe and have a fantastic spring break!

If you have any questions or concerns, please contact your local office

Triangulation Fraud: Protect Yourself this Holiday Season

Woman shopping online with laptop

Fraudsters are constantly finding innovative ways to exploit vulnerabilities and steal your money. One fairly new method gaining prominence is triangulation fraud, a deceptive practice that puts both consumers and businesses at risk. In these final days before Christmas, remember to be extra careful when shopping online.

What is Triangulation Fraud?

Triangulation fraud involves a fake retail website set up by fraudsters, an unsuspecting customer, and a legitimate retailer. Here’s the basic process:

  1. Fraudsters create a fake retail website that attracts unsuspecting customers with name-brand products at ‘too good to be true’ prices.
  2. Once a customer places an order, the fraudsters purchase the desired product from a legitimate source using stolen credit card information from a previous shopper.
  3. The customer’s credit card is billed for the ‘too good to be true’ price and the item is shipped from the legitimate seller to the customer. This creates the illusion of a genuine transaction.

If the customer receives the item, why is this bad?

This is bad for a number of reasons. First off, the fake retail site is using stolen credit card information to complete the transaction. Second, if you’re the customer in this scenario, the fake retail website now has your credit card information as well, which will be used in future fraudulent transactions, both to rip you off and to fool other customers. Likewise, customers fooled into thinking that this is a legitimate transaction often leave glowing reviews on the fake retail site, thus perpetuating the scam. The scam also causes reputational damage to legitimate retailers and erodes overall trust in online transactions.

Why is it more common during the holiday season?

Criminals typically schedule the scheme for the holiday season because merchants are less alert to suspicious delivery behavior. It is not uncommon for gift purchases to be shipped somewhere different than the billing address. Likewise, shoppers are typically more concerned about if they received the item as oppose to from where it was shipped.

How to protect yourself:

Be alert! Consumers should exercise caution when encountering online deals that seem too good to be true. Thoroughly research the legitimacy of the e-commerce platform and check for customer reviews before making a purchase.

Use secure payment methods whenever possible. Credit cards often provide additional layers of protection against fraudulent transactions, so they are typically safer than debit cards for online transactions.

Report suspicious activity. If you come across a suspicious website or believe they have fallen victim to triangulation fraud, report the incident to relevant authorities and their financial institution.

Triangulation fraud poses a significant threat to both consumers and legitimate businesses operating in the online marketplace. As technology evolves, so too do the tactics of fraudsters. Awareness, vigilance, and education are crucial in combating this type of deception. By staying informed and taking precautionary measures, you as a consumer can protect your money while contributing to the collective effort to create a safer online environment.

Your Bank is Calling… Or Are They?

woman checking her balance on her phone in a cafe

In 2022, scammers stole over $8.8 billion from regular people. Don’t become their next victim.

Phishing via calls and texts are more prevalent than ever. Watch for these four red flags:

  1. They ask you to open a link
  2. They use urgent or fear-inducing language
  3. They request personal info like PINs, passwords, Social Security numbers, or access codes delivered through email, text or voice
  4. They pressure you to log into or send money with payment apps

Phone Call Scams

Scammers sometimes try to cheat you out of your money by impersonating your bank over the phone. In some scams, they act friendly and helpful. In others, they’ll threaten or scare you. Scammers will often ask for your personal information or get you to send them money. Banks never will.

Watch out for a false sense of urgency

Scammers count on getting you to act before you think, usually by including a threat. Banks never will. A scammer might say “act now or your account will be closed,” or even “we’ve detected suspicious activity on your account” — don’t give into the pressure.

Never give sensitive information

Never share sensitive information like your bank password, PIN, or a one-time login code with someone who calls you unexpectedly — even if they say they’re from your bank. Banks may need to verify personal information if you call them, but never the other way around. Your bank will never ask for your PIN, password, or one-time login code in when calling you.

Don’t rely on caller ID

Scammers can make any number or name appear on your caller ID. Even if your phone shows it’s your bank calling, it could be anyone. Always be wary of incoming calls.

Hang up – even if it sounds legit

Whether it’s a scammer impersonating your bank or a real call, stay safe by ending unexpected calls and directly dialing your bank instead.

Text Message Scams

Phishing text messages attempt to trick you into sharing personal information like your password, PIN, or social security number to gain access to your bank account. As long as you don’t respond to these messages and delete them instead, your information is safe. All you need to do is spot the signs of a scam before you click or reply.

Slow down – think before you act

Acting too quickly when you receive phishing text messages can result in unintentionally giving scammers access to your bank account — and your money. Scammers want you to feel confused and rushed, which is always a red flag. Banks will never threaten you into responding, or use high-pressure tactics.

Don’t click links

Never click on a link sent via text message — especially if it asks you to sign into your bank account. Scammers often use this technique to steal your username and password. When in doubt, visit your bank’s website by typing the URL directly into your browser or login to your bank’s mobile app.

Never send personal information

Your bank will never ask for your PIN, password, or one-time login code in a text message. If you receive a text message asking for personal information, it’s a scam.

Delete the message

Don’t risk accidentally replying to or saving a fraudulent text message on your phone. If you are reporting the message, take a screenshot to share, then delete it.

The bottom line: be careful!

Always be diligent when dealing with your money and access to your accounts. Remember that it’s OK to question the motives of someone contacting you unexpectedly. And as always, never hesitate to contact your local American Federal office with any questions or if something seems suspicious.

Avoiding Common Holiday Scams

Lighted laptop keyboard

The United States Department of Treasury’s Office of Cybersecurity and Critical Infrastructure Protection recently issued an advisory with tips for consumers to protect themselves from scams and fraud. From Cyber Monday to the rest of the holiday shopping season and beyond, it’s a good list of practices to follow to keep your money and information safe.

Follow these tips to avoid common holiday scams:

  • Buy only from reputable merchants.

  • Stay informed of common scamming tactics, share your knowledge with others, and remain skeptical of unsolicited calls, emails, and texts, especially those creating a sense of urgency.

  • Exercise caution when receiving unexpected phone calls and emails from your financial institutions, unsolicited texts, and embedded links. Confirm the legitimacy of requests by directly contacting the requesting entity through official channels.

  • Practice safe online behavior. Be cautious about the information you share online. Avoid oversharing personal details on social media platforms.

  • Don’t be pressured to purchase an item or pay for a service quickly. Take time to think, research, and talk to someone trusted. Fraud and phishing scams often capitalize on creating a sense of scarcity or fear of missing out. Legitimate businesses will give you time to decide.

  • Regularly monitor your financial and card credit statements for unauthorized or suspicious transactions. Report any discrepancies to the credit card or financial institution immediately.

  • If an online deal looks too good to be true, it likely is. Be suspicious. Scammers often offer products at significantly reduced prices. If a luxury item or an electronic device is offered at an extreme discount, it’s likely counterfeit or will never be delivered.

  • Don’t give out personal or account information to anyone who calls.

  • Don’t rely on caller ID. Criminals can fake their identities and locations on phone calls.

  • Never pay someone who insists you pay via a gift card or using a money transfer service. Also, never deposit a check and then send money back to someone.

  • Use a credit card to pay for online purchases. As required by law, credit card companies provide a fraud liability guarantee which limits liability for unauthorized charges to $50 ($0 if the card was stolen and the card company is notified prior to purchases being made).

  • Enable Two-Factor Authentication (2FA). Strengthen the security of your accounts with 2FA, making it harder for attackers to gain access.

  • Never allow permissions to an unknown app and use different passwords for each downloaded app.

  • When using money transfer services, be certain to validate who you’re sending money to and their contact details.

Stay Safe When Shopping Online

Woman Shopping on Laptop

Online shopping has become an integral part of our lives, offering convenience and access to a wide range of products and services. However, with the growth of e-commerce, online shopping scams have also proliferated. These scams can result in financial loss and personal information theft. To ensure a safe and enjoyable online shopping experience, it’s crucial to be aware of potential pitfalls and take precautions. Below are some effective strategies to avoid falling victim to online shopping scams.

Shop from Reputable Websites

The first rule of safe online shopping is to stick with well-known and reputable websites. Established e-commerce platforms like Amazon, eBay, Walmart, and official brand websites typically have robust security measures in place. Avoid unfamiliar websites that offer unbelievable deals, as these are often a front for scams.

Read Reviews and Ratings

Customer reviews and ratings can provide valuable insights into a product’s quality and the credibility of a seller. If a product has consistently negative reviews or no reviews at all, it may be a red flag. Be wary of sellers with low ratings or questionable histories.

Beware of Too-Good-to-Be-True Deals

Scammers often lure victims with incredibly low prices on popular products. If a deal seems too good to be true, it probably is. Compare prices across multiple websites to ensure you’re getting a fair deal.

Use Secure Payment Methods

When making a purchase, use secure payment methods such as credit cards or trusted digital payment platforms. Avoid wiring money, using gift cards, or sending cash as these methods offer little to no recourse in case of fraud. Credit cards often have built-in fraud protection that can help you recover your funds in case of unauthorized transactions.

Protect Your Personal Information

Never share more personal information than necessary. Legitimate online stores will usually only require essential information like your name, shipping address, and payment details. Be cautious if a website asks for excessive personal information or irrelevant details.

Keep Your Devices Secure

Ensure that your computer or mobile device is protected with up-to-date antivirus software and a strong firewall. Regularly update your operating system and browser to fix security vulnerabilities. Avoid using public Wi-Fi networks for shopping, as they can be less secure.

Verify Contact Information

Legitimate businesses provide clear and accessible contact information, including a physical address and a customer service phone number or email. Verify this information before making a purchase. Scammers often hide behind anonymity.

Be Cautious with Email Offers

Phishing emails often impersonate popular retailers and offer enticing deals to lure victims. Avoid clicking on suspicious links or downloading attachments from unknown senders. Instead, go directly to the retailer’s website by typing the URL in your browser.

Trust Your Instincts

If something feels off or too uncertain, trust your instincts and err on the side of caution. Online shopping scams rely on victims being in a hurry or making impulsive decisions. Take your time to research, verify, and make informed choices.


Online shopping scams are a real threat, but with vigilance and knowledge you can protect yourself from falling victim. By following these guidelines, you can enjoy the convenience of online shopping while safeguarding your financial and personal security. Stay safe, shop wisely, and enjoy the benefits of e-commerce while avoiding scams.

Texting and Phishing Scams – Be Aware

Email icons

Every day, thousands of people fall for fraudulent emails, texts, and calls from scammers pretending to be a bank. These are commonly referred to as phishing scams and victims can lose hundreds, even thousands of dollars. At American Federal we (as well as other institutions) have seen an uptick in the number of instances of fraud attempts. In fact, below is an example of an actual Phishing text a customer received.

Phishing attempt

Often times, as in this case, the fraudster will use an actual financial institution’s name. It’s important that you never interact with a message unless you are expecting it and know exactly where it is from. If a message is suspect, always contact your local American Federal office.

Phishing scammers want you to click on a link or share personal information (like a password or social security number) so that they can use that information to steal your money and/or identity. Below is some additional information on phishing scams. 

The Bait

  • Scammers use familiar company names or pretend to be someone you know. They send a text or ‘spoofed’ email or even call you in a way that makes it appear to be from a friend, family member, or an employee of a trusted organization like your bank, credit card company, government agency or phone company.
  • The bait may look and sound like a legitimate request. The scammers might even have personal information about you, like your date of birth or password.
  • They often say they need your information now, to protect your account, to help a loved one in trouble, or to confirm login or password information and warn that something bad will happen if you do not act immediately.
  • They ask you to give sensitive information like passwords or bank account numbers or they ask you to click on a link. If you click on the link, they can install malicious programs that can lock you out of your computer or enable them to gain access to use your personal or financial information, even from outside of the country.

Avoid the Hook

  • Take a few minutes to check a request out. You wouldn’t give your house keys to someone you don’t know or trust. Don’t give someone the keys to your bank account before you know who that person is and are certain that person can be trusted.
  • If someone calls asking for information or wants you to act, tell the caller you will call back, then call the number on your billing statement or credit card to report the call. If the caller tries to convince you to stay on the phone, it’s a scam. Hang-up and call the trusted number.
  • If it’s an email, don’t click on it. Go to the company’s website using a bookmark or type it in and check for alerts on your account.
  • If you’re unsure, ask a friend, coworker, family member, or caregiver to help.

Look for Scam Tip-Offs

  • You don’t have an account with the company.
  • The email, text or caller is asking for account information, including passwords.
  • Grammatical errors or something just seems fishy or not right.

Protect Yourself

  • Keep your computer and mobile device security software up to date and regularly back up your data.
  • Change your security settings to enable multi-factor authentication—a second step to verify who you are, like a text with a code—for accounts that support it.
  • Change any compromised passwords right away and do not reuse those passwords for other accounts.
  • Use a cloud-based account such as Google Drive or Microsoft OneDrive that can allow you to restore your data if your computer is comprised.
  • Don’t provide any information to anyone who calls, sends a text, or emails you out of the blue. Only do it if you’ve called or emailed them.

Protect Your Business and Employees from Email Compromise Scams

Security Icon

Here at American Federal Bank, protecting our customers from fraud is a top priority and we want you to know about a threat that we have seen multiple businesses fall victim to.

Fraudsters know that many business owners and executives will be out of the office during the upcoming spring and summer seasons, and will use the opportunity to try and trick your employees. The fraudsters send email messages to your employees that appear to come from a company owner or executive, along with instructions to send money or sensitive information to them. This threat is very real and we’ve seen significant losses happen in our communities.

These attempts are especially deceitful because emails often make what appears to be a legitimate request, including sending an invoice with updated payment information. Employees believe they are just doing what their superiors or coworkers are asking them to do, and mistakenly comply.

Below are some steps to reduce the chances of an employee becoming a victim of business email compromise:

  • Educate and train employees to recognize, question, and independently authenticate changes in payment instructions, payment methods (e.g., ACH to wire), or when pressured to act quickly or secretively.
  • Be old-fashioned! Verbally authenticate any changes via phone call to a verified telephone number.
  • Review accounts frequently.
  • Initiate payments using dual controls.
  • Never provide passwords, usernames, authentication credentials or account information when contacted.
  • Don’t provide nonpublic business information on social media.
  • Avoid free web-based email accounts for business purposes. A company domain should always be used in business emails.
  • Consider registering domains that closely resemble the company’s actual domain to make impersonation harder.
  • Do not use the “reply” option when authenticating emails for payment requests. Instead, use the “forward” option and type in the correct email address or select from a known address book.

If you do fall victim to one of these fraud attempts, please reach out to American Federal Bank as soon as possible so we can assist.

The Importance of Small Business Security Check-Ups

Security Icon

Cyber security remains a growing concern for small businesses. It’s a good idea for business owners to conduct periodic reviews of their data security program.

Security Check-Up Suggestions

The Small Business Administration, the Federal Trade Commission and the American Bankers Association offer a number of suggestions aimed at helping businesses protect their files and devices and their company and customer information from cyberattacks.

Start with a Plan

Begin by understanding your business risk profile.  What are you trying to protect and where are you most vulnerable? Identify devices, servers and vendors that store company date and customer credit card and other information.  Know what vendors supply the software you use, and how secure their practices are.  Also, take a broader look at protecting your financial and bank data, personnel information and intellectual property.

Review Policies and Procedures

Re-evaluate your security policies and procedures that determine access controls to acceptable use. Have you added new products and services or entered new markets that altered the operations of your business?  Who has access to information in your company and the log-in credentials to conduct transactions?

Train Employees

The weakest link in a security plan is employees. From day one, explain the importance of your organization’s data security practices to employees. Conduct regular training that outlines your company’s practices and how to spot new risks, security vulnerabilities and identify theft.  Create a culture of security by demonstrating what you expect and making security an essential part of employees’ duties.  When employees leave, terminate access immediately.

Warn about Phishing

Educate employees on the dangers of spear phishing – emails containing information that makes them look legitimate. Require independent verification of emails requesting sensitive information.  Train employees not to reply to email when they do not recognize the sender, and not to use links, phone numbers or websites contained in the suspect email.

Cover the Basics

Implementing the basic steps of cyber hygiene will protect your business and reduce the risk of a cyberattack.

  • Update Software. Update and apply the latest patches to your operating systems and software, including anti-virus software and antispyware, apps and web browsers. Set updates to take place automatically.
  • Secure your Network and Files.   Safeguard your Internet connection by using a firewall. Back up files offline, on an external hard drive or in the cloud.  Control physical access, too. Make sure you also store your paper files securely.
  • Encrypt Devices. Encrypt devices and other media that contain confidential, sensitive and proprietary information.  This includes laptops, smartphones, inventory scanners, digital scanners, removable devices, backup tapes and cloud storage solutions.
  • Use Multi-Factor Authentication. Enable multi-factor authentication to access areas of your network and sensitive information.  This requires additional steps beyond logging in with a password.
  • Require Strong Passwords. Use passwords for all computer hardware, including routers, laptops, tablets and smartphones. Require strong passwords of 8-12 characters that are a mix of UPPER and lower case letters, numbers and symbols.  Passwords must not contain personal information, like part of a TIN, or be easily cracked, like “password,” “qwerty” or “12345678.” Never leave devices unattended in public places and avoid pubic WiFi.

Secure Payment Processing

Work with your bank or credit card processor to ensure the most trusted and validated tools and anti-fraud services are being used.  Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

Develop an Incident Response Plan

Know what to do and who to call when a cyber incident occurs.


Report scams against a small business at FTC.gov/complaint.

These websites and publications also have information on securing sensitive data: