Spotting & Avoiding Common Scams

Fraud is increasingly organized, fast-moving, and technology-driven, impacting both consumers and businesses. Small and mid-sized businesses are especially vulnerable because they often lack the staffing, cybersecurity tools, and IT infrastructure needed to prevent sophisticated attacks. Common entry points for fraud include email, stolen mail, social engineering tactics, and the spoofing of trusted institutions such as Carrollton Bank.

We’ll Never Ask for Your Personal Info

Carrollton Bank will never ask for your Social Security number, password, one-time passcode (OTP), or PIN through email, mail, phone call (live or automated), or text message. If you contact us, we may ask for limited information to verify your identity, but we will never request your password or OTP. If something doesn’t feel right, do not engage; contact your local Carrollton Bank office.

Know the Scams – and How to Avoid Them

Pharming

Pharming occurs when malicious software on your device secretly redirects you to a fake website that looks like the real thing. These fraudulent sites are designed to capture sensitive information, such as your online banking username and password.

Example:
You type carrolltonbanking.com into your browser, but instead you are redirected to carroltonbank.net. The site looks almost identical to Carrollton Bank’s website but was created by a fraudster to steal your information.

How to Protect Yourself:

  • Check the web address carefully. Watch for small differences like a missing letter, an extra hyphen, or “.net” instead of “.com.”
  • Look for HTTPS. A secure site will display a lock icon 🔒 and “https” in the address bar.
  • Keep your devices updated. Install the latest versions of your browser, antivirus software, and operating system. Outdated software is more vulnerable to attack.
  • Use bookmarks for trusted sites. Save official banking links so you don’t have to type them in each time.
  • Turn on security tools. Many browsers and antivirus programs include anti-phishing or anti-malware features that can block fake sites before you connect.

Lottery or “Prince” Scams

In this type of scam, you’re contacted unexpectedly, often by letter, text, or email, with promises of a large reward if you agree to help transfer money. The scammer’s goal is to trick you into sharing your bank account details or sending money upfront.

Example:
“I am Prince Kaelen Darethian of Virelundor. I need to transfer $1 million. Please provide your bank account, and I will reward you with $250,000.”

How to Protect Yourself:

  • No legitimate organization or individual will offer you money out of the blue.
  • Never share personal or financial information in response to unsolicited requests.
  • Remember: if it sounds too good to be true, it is.

Fake Overpayment Scam

In this scam, a buyer sends you a check for more than the agreed-upon price of an item you’re selling online. They then ask you to return or wire back the difference. After you deposit the check, it appears valid at first but later bounces, leaving you out all of the money, including what you sent back.

Example:
You sell an item for $1,200. The buyer sends a check for $2,000 and asks you to wire back the $800 difference. When the check is discovered to be fraudulent, it is charged back against your account and the $2,000 is removed from your account.

How to Protect Yourself:

  • Never accept payment for more than the agreed amount.
  • Be suspicious of anyone who insists you send back part of the funds.
  • Wait for checks to fully clear before treating them as cash – fraudulent checks can take days to be returned.

Business Email Compromise (BEC)

Business Email Compromise happens when fraudsters gain access to a legitimate email account, often through phishing or stolen credentials, and then use it to trick businesses into sending money to fraudulent accounts. Once inside, they can read real emails, copy genuine invoices, and then create look-alike versions with altered payment instructions. Because the emails look authentic, businesses may unknowingly send funds directly to the fraudster.

Example:
A vendor’s email account is hacked. The fraudster finds a real invoice, changes the bank account number, and resends it to you from the vendor’s actual email address. Believing it to be legitimate, you pay the invoice – but the money goes straight to the fraudster’s account.

How to Protect Yourself:

  • Always verify payment instruction changes by phone using a trusted number (not the one listed in the email).
  • Set up dual approval for outgoing payments like wires and ACH transfers.
  • Turn on multi-factor authentication (MFA) for your email accounts.
  • Never rely solely on email to confirm financial transactions, and never verify payment instructions by replying to an email; always use a known phone number.
  • Use secure portals or encrypted email for sharing sensitive information such as account numbers.
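
For business customers, the call-back and dual-approval steps above can be enforced before a payment is released. The sketch below is an added example, not Carrollton Bank code; the vendor name, account numbers, phone number and approver names are constructed placeholders.

```python
from dataclasses import dataclass, field


@dataclass
class Vendor:
    account_on_file: str   # bank account recorded when the vendor was set up
    phone_on_file: str     # trusted call-back number, never taken from an email


@dataclass
class Payment:
    vendor: str
    account: str           # account printed on the invoice that arrived by email
    method: str            # "wire", "ach" or "check"
    approvers: set = field(default_factory=set)
    callback_confirmed: bool = False   # set only after phoning phone_on_file


def review(p: Payment, vendors: dict) -> tuple:
    """Return ("release" or "hold", reasons).

    The sender's email address is deliberately not an input: in the example
    above the altered invoice arrives from the vendor's real mailbox.
    """
    reasons = []
    v = vendors.get(p.vendor)
    if v is None:
        reasons.append("vendor not in master file")
    elif p.account != v.account_on_file and not p.callback_confirmed:
        reasons.append(
            f"account differs from record; confirm by calling {v.phone_on_file}")
    if p.method in ("wire", "ach") and len(p.approvers) < 2:
        reasons.append("second approver required")
    return ("hold" if reasons else "release", reasons)


# Constructed sample data (placeholder vendor, accounts and phone number).
VENDORS = {"Example Supply Co": Vendor("ACCT-0001", "555-0100")}
ALTERED = Payment("Example Supply Co", "ACCT-9999", "ach", {"alice", "bob"})

if __name__ == "__main__":
    print(review(ALTERED, VENDORS))
```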

ATM & Card Skimming

Skimming is when criminals capture the magnetic-stripe data from your card and use it to create a cloned card for fraudulent transactions. Skimmers often pair the card data with a hidden camera or fake keypad to steal your PIN as well.

How skimming happens:

  • A fake device (an “overlay”) is attached over the card slot of an ATM, gas pump, or other kiosk. A small hidden camera may record your PIN entry.
  • An employee or thief briefly swipes your card through a portable skimming device during what appears to be a normal transaction.

Example:
A gas station card reader looks bulky or slightly off-color. After using it, you later discover unauthorized charges on your account.

How to protect yourself:

  • Use the chip reader or contactless tap instead of swiping whenever possible.
  • Inspect the card reader and surrounding area before inserting your card – tug on the reader; overlays often feel loose.
  • Cover the keypad with your hand when entering your PIN.
  • Prefer ATMs inside bank branches or well-lit locations over standalone pumps or kiosks.
  • Monitor account activity and enable transaction alerts in online banking so you’re notified quickly of suspicious charges.

What to do if you suspect skimming:

  • Contact Carrollton Bank immediately to report suspected fraud:
    • Debit Cards: (800) 754-4128
    • Credit Cards: (800) 558-3424
  • If you notice an unusual device on an ATM or pump, leave the area and report the location to the business and local authorities.
  • Report fraud or suspicious activity to Carrollton Bank Fraud at (888) 533-1877.
  • Review statements and freeze or replace your card if unauthorized transactions appear.

Mail Theft & Check Fraud

Mail theft is a leading source of check fraud. Stolen mail can expose checks and account details that criminals may sell online (including underground markets) or use to create counterfeit checks. Thieves may also chemically “wash” legitimate checks to change the payee or amount before cashing or depositing them.

Example:
You place a check in an outdoor mailbox to pay a utility bill. A thief steals the mail, uses chemicals to wash the ink, and changes the payee and amount. Instead of your $120 payment, a $4,200 check made out to the fraudster clears your account.

How to Protect Yourself:

  • Use secure mail options: Install a locked mailbox for incoming mail. For outgoing mail, do not use outdoor blue USPS collection boxes; drop items inside the post office or hand them directly to a mail carrier. Avoid leaving any mail in an unlocked box overnight.
  • Prefer electronic payments: When possible, use Bill Pay, ACH, or wire instead of paper checks.
  • Watch your accounts: Review activity regularly (and enable account alerts). When checks clear, confirm both the payee and the amount.
  • Make checks harder to alter: If you must write checks, use pigmented (gel-based) ink and secure your check stock.
  • Act fast if something’s off: If a check goes missing or appears altered, place a stop payment immediately and contact Carrollton Bank.

For Business Customers:

  • Use Payee Positive Pay to help detect altered or unauthorized checks before posting.
  • Set up alerts and dual approval for payments; reconcile frequently to spot issues early.
  • Consider moving invoices and collections to electronic options to reduce mailed checks.

Phishing, Vishing, Smishing & Social Engineering

Fraudsters use email (phishing), phone calls (vishing), and text messages (smishing) to impersonate trusted companies, banks, coworkers, or government agencies. Beyond the channel, this is social engineering: criminals manipulate emotions like urgency, fear, authority, or trust, often personalizing messages with details pulled from websites or social media. They may also spoof caller ID, email addresses, or websites to make the contact look legitimate.

Common Red Flags

  • Urgency or fear: “Act now or your account will be locked,” “This is time-sensitive.”
  • Authority pressure or secrecy: “From the CEO… do this right away and don’t tell anyone.”
  • Payment changes: New or updated wire/ACH instructions, or requests to “withdraw funds for security reasons.”
  • Requests for sensitive data: Passwords, PINs, one-time passcodes (OTP), card numbers. Carrollton Bank will never ask for these.
  • Look-alikes: Slightly altered email domains, URLs, or caller ID (e.g., “carroLLtonbank.com” with capital L’s).
  • Suspicious links/attachments leading to fake “verification” pages.
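
The "check the web address" tip under Pharming and the look-alike red flag above can be automated for links found in email or text messages. This is an added example, not Carrollton Bank code; it assumes carrolltonbanking.com (the domain used on this page) is the only trusted domain, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Official domain as it appears on this page; a real allowlist may be longer.
TRUSTED_DOMAINS = ("carrolltonbanking.com",)


def hostname(url: str) -> str:
    """Return the lower-cased host of a URL or bare domain."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link."""
    host = hostname(url)
    for good in TRUSTED_DOMAINS:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        brand = good.split(".")[0]
        limit = max(2, len(brand) // 4)  # tolerated edits scale with name length
        for label in host.split("."):
            # Hyphens are dropped so "carrollton-banking" compares as the brand.
            if edit_distance(label.replace("-", ""), brand) <= limit:
                return "lookalike"
    return "unknown"


# Constructed sample links built from the look-alike patterns described above.
SAMPLES = ["https://www.carrolltonbanking.com/login", "carroltonbank.net",
           "https://carrollton-banking.com", "carrolltonbanking.net",
           "http://carroLLtonbank.com", "https://example.org"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):9}  {link}")
```

A "lookalike" result means the link resembles the bank's name but is not the bank's domain; treat it as a reason not to click.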

Examples:

  • A text asks, “Did you just authorize an Amazon purchase?” When you reply “No,” a caller posing as the Carrollton Bank Fraud Department asks for your online banking credentials.
  • An automated call claims, “Your debit card has been blocked, enter your card number and PIN to reactivate.”
  • An email states, “Your Online Banking Access Has Been Suspended. Click here to verify.”
  • An urgent “CEO” email directs you to wire funds to a “vendor” or a family member in crisis, leveraging real names/details to feel authentic.

Legitimate Carrollton Bank Text Messages

We may text you for specific reasons:

  • Online banking alerts you’ve opted into (e.g., transactions, payment approvals, balance limits).
  • To verify debit card transactions when potential fraud is detected.

Important: Unless you initiate contact with us directly, we will never ask you to provide your personal information, such as your account number, Social Security number, One Time Password (OTP), a two-factor authentication code used to log in to your Online Banking Account, or user ID, through email, U.S. mail, live or automated phone call, or text message.

How to Protect Yourself

  • Slow down. Pressure and urgency are red flags – pause before you click, reply, or pay.
  • Verify out-of-band. For any payment or account-change request, call a trusted number you already know (not one from the message). Never verify by email reply.
  • Don’t share credentials or OTPs. Carrollton Bank will never ask for them by email, text, or phone.
  • Avoid links/attachments from unexpected messages; navigate directly to known websites.
  • Harden your accounts. Turn on multi-factor authentication (especially for email), and enable account/activity alerts.
  • Limit public info. Reduce details on websites/social media that scammers can reuse to sound convincing.
  • For businesses: Use dual approval for wires/ACH, require call-backs using known numbers for payment changes, and avoid email-only financial approvals; use secure portals or encrypted email for sensitive data.

Following these best practices can help protect you from fraud, identity theft, and other cyber threats.

If You Interacted or Aren’t Sure

Contact Carrollton Bank immediately. We’ll help secure your bank accounts and guide next steps. Contact your local Carrollton Bank office or send an email to security@carrolltonbanking.com.

Debit & Credit Card Protection

Carrollton Bank provides 24/7 fraud monitoring on your debit and credit cards. If unusual activity is detected, we will first send a text message to your mobile device. If there is no response, we will follow up with an email, and then a phone call to the number on your account. To ensure you receive these alerts, please keep your contact information up to date.

Lost or stolen card? Call immediately:

  • Debit Cards: (800) 754-4128
  • Credit Cards: (800) 558-3424

Card Safety Tips:

  • Carrollton Bank, Mastercard®, and Visa® will never contact you directly to ask for your PIN, password, or to request that you transfer funds or process transactions to “protect” your account.
  • Carry only the cards you use regularly.
  • Set up account alerts in online banking so you’re notified quickly of unusual charges.
  • Memorize your PIN; never write it down or share it.
  • Choose a PIN that cannot be easily guessed – avoid using your Social Security number, date of birth, address, or other personal information.
  • Shred old receipts and statements before discarding them.
  • Cancel unused or expired cards to reduce your exposure.
  • Review your account activity and statements frequently to catch unauthorized charges early.
  • Notify us before traveling to prevent service interruptions and ensure your card continues to work wherever you go.
