A cybersecurity watchdog group recently warned that Paycheck Protection Program (PPP) borrowers are being targeted in bank impersonation scams. Although none of Bank of Canton's clients have yet reported this scam, we are still encouraging all PPP borrowers to exercise caution before responding to unexpected communications that appear to be from their PPP lender.

In this variation of the bank impersonation scam, criminals are accessing PPP loan information published by the government – including business name, loan number and originating bank – and posing as bank representatives to commit fraud. Here's a typical example:

1.) You get a phone call, email, or text from a bank representative, who says there is an urgent problem with your account (such as an issue with a wire transfer, payment or payroll). Remember, criminals can spoof a bank's name and phone number on your Caller ID display.

2.) To fix the issue, first they ask you for your online banking User ID. They may say this is just "a security precaution" or "to verify your identity."

3.) Then they send you a security code. When it arrives, they ask you to tell them the security code. (In reality, the criminal has initiated the "Forgot Password?" process for your online banking User ID, and the code is actually the password reset verification code.)

4.) With your User ID and the verification code, the criminal resets your password and locks you out of online banking. The criminal now has complete access to your accounts. You might be told that you won't be able to access online banking while they are "fixing the problem."

If you are contacted in this manner, end the phone call immediately and/or delete any texts and emails without responding. Never share your personal information, account information or any validation code texts with anyone else – banks will never ask for your login credentials, validation codes or account numbers. If you are unsure whether a call/email/text might be a scam, stop communicating with the other party and call your bank using your phone’s keypad (not a link) to verify the situation.