This article highlights key fraud trends that financial institutions should be watching closely. These insights come from NEACH’s ongoing work to help member institutions stay ahead of emerging fraud threats and evolving compliance challenges.
Current industry trends show a sharp rise in account phishing attacks, along with an increasing use of generative AI to carry out financial fraud. Non-delivery schemes are also becoming more common, including scams involving empty packages or goods that never arrive. Understanding these patterns can help institutions strengthen their defenses and better protect their customers.
Here's what you need to watch for now to help protect your FI and its clients and members.
Account Phishing
Every year around this time, a recurring fraud pattern appears—often called "account phishing" or "ACH phishing." Some refer to it as ATM attacks, but the core method remains the same: Fraudsters send out hundreds of micro-entries to various accounts, trying to find which account numbers are valid.
If your institution usually sees 25–30 entries on an unposted report and suddenly notices 250–300, that's a red flag. Most of these entries are tiny transactions sent to random accounts. Entries bounce back as "invalid account" or "no such account." Fraudsters know those numbers don't work. But when entries successfully post to consumer accounts, that signals a "jackpot": a valid account number they can target.
One way to identify potential ACH phishing is to check the receiver's name in the entries. Fraudulent entries often contain gibberish, numbers, or repeat the same name across multiple transactions. In contrast, legitimate entries usually match the actual account holder's name. Another warning sign is sequential transaction patterns—like 001, 002, 003—with identical or nonsensical receiver information.
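The checks described above (a jump in unposted volume, gibberish or repeated receiver names, sequential numbering, and micro-entries that post) can be combined into one screening pass. The following is an added example, not NEACH's own tooling; the entry fields (id, account, name, cents, posted) and all thresholds are assumptions to adapt to your own reports.

```python
import re
from collections import Counter

# Assumed thresholds (not from the article): tune to your institution.
MICRO_CENTS = 100        # entries of $1.00 or less count as micro-entries
SPIKE_FACTOR = 5         # unposted count >= 5x baseline is treated as a spike
REPEAT_NAME_MIN = 3      # same receiver name on 3+ different accounts

def looks_gibberish(name):
    """Receiver name containing digits, or with no vowels at all."""
    letters = re.sub(r"[^A-Za-z]", "", name)
    return bool(re.search(r"\d", name)) or not re.search(r"[AEIOUYaeiouy]", letters)

def longest_sequential_run(ids):
    """Length of the longest run of consecutive numeric IDs (001, 002, 003...)."""
    nums = sorted({int(i) for i in ids if i.isdigit()})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def review_batch(entries, baseline_unposted):
    """entries: dicts with hypothetical keys id, account, name, cents, posted."""
    micro = [e for e in entries if e["cents"] <= MICRO_CENTS]
    unposted = [e for e in entries if not e["posted"]]
    accounts_by_name = Counter()
    for name, _acct in {(e["name"].upper(), e["account"]) for e in micro}:
        accounts_by_name[name] += 1
    repeated = {n for n, c in accounts_by_name.items() if c >= REPEAT_NAME_MIN}
    suspicious = [e for e in micro
                  if looks_gibberish(e["name"]) or e["name"].upper() in repeated]
    return {
        "volume_spike": len(unposted) >= SPIKE_FACTOR * baseline_unposted,
        "suspicious_names": len(suspicious),
        "sequential_run": longest_sequential_run(e["id"] for e in suspicious),
        # Valid accounts the probe confirmed: watch these for follow-on debits.
        "confirmed_accounts": sorted({e["account"] for e in suspicious if e["posted"]}),
    }

# Constructed sample batch: 280 one-cent probes, two of which posted.
SAMPLE = [{"id": f"{i:03d}", "account": f"4000{i:04d}", "name": "XK7 QQ",
           "cents": 1, "posted": i in (57, 203)} for i in range(1, 281)]
SAMPLE.append({"id": "900", "account": "40009999", "name": "Maria Lopez",
               "cents": 125000, "posted": True})  # ordinary payroll credit
```

Calling review_batch(SAMPLE, 28) flags the spike and lists the two accounts where a probe posted, which are the ones to monitor for the unauthorized debits that typically follow.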
Typically, when a fraudster successfully identifies an authentic account, what follows is a wave of unauthorized debits, creating a major headache for Receiving Depository Financial Institutions (RDFIs), especially smaller ones with limited staff. Unless these entries can be returned quickly—possibly using an R17 return code—you'll need written statements from account holders to reverse each unauthorized debit.
By monitoring sudden increases in micro-entries and understanding how these phishing attacks operate, you can help prevent problems before they escalate. Using proactive detection methods, such as return reason codes like R17 and clear procedures, also helps protect you from issues like these. Ongoing staff education is equally important: when frontline teams are trained to recognize these patterns, they can help reduce the success rate of phishing attempts. Together, these efforts enable RDFIs to better safeguard account holders and reduce operational strain during peak fraud seasons.
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
Another pressing concern is the increasing role of artificial intelligence in financial fraud. AI is now enabling criminals to craft convincing phishing emails, eliminating many of the telltale signs, such as poor grammar, that institutions once relied on to spot scams. Today, AI-generated voice and video technology can convincingly impersonate executives, making it easier for fraudsters to deceive employees into initiating unauthorized fund transfers. This evolving threat underscores the need for financial institutions to stay informed and invest in advanced fraud detection strategies.
The dual role of AI—as both a weapon for fraudsters and a fraud mitigation tool for FIs—highlights the importance of investing in advanced detection strategies and staff training. As payment systems evolve quickly and digital assets like stablecoins become more popular, mitigating fraud demands an innovative, proactive approach.
For more on this topic, check out FBI Alert Number: I-120324-PSA: Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud and the KPMG report, “Fighting Fraud Payments with AI.”
Non-Delivery Scams
Finally, as the holiday season approaches, expect fraud to continue to ramp up. Non-delivery scams, for instance, such as receiving a box filled with bricks instead of a TV, are on the rise. In scams like these, consumers are lured into clicking links in emails or on social media that promise deep discounts on popular items.
When a customer reports that they paid for a product or service but didn't receive it (such as receiving an empty box instead of a TV), this is not considered a Regulation E claim. Reg E only covers unauthorized electronic fund transfers, and in these cases, the transaction was authorized by the account holder. There's also no valid ACH return reason code or debit card chargeback category for "I got an empty box."
Even if a chargeback is attempted, the merchant can typically provide a copy of the transaction to prove that a package was delivered. They are not required to prove the contents of that package. This is essential for frontline staff to understand so they can clearly explain to account holders why such disputes must be handled directly with the merchant. Institutions should also stay informed about these scams to avoid falling victim themselves.
Unsolicited Packages
Businesses and individuals should also be cautious of unsolicited packages, especially those with QR codes on the outside claiming to provide packing lists or registration links. Scanning these codes can lead to phishing sites or fraudulent payment requests. Variations of this scam have been documented by IC3 and Malwarebytes, making it a timely topic for consumer education. Sharing this information internally helps ensure consistent messaging to account holders and reinforces fraud prevention across the institution.
Here are a few tips the FBI offers to help your customers/members avoid falling prey to this scam:
- Beware of unsolicited packages containing merchandise you did not order.
- Beware of packages that do not include sender information.
- Take precautions before authorizing phone permissions and access to websites and applications.
For more on how to protect your institution and its customers/members, check out FBI Alert Number I-073125-PSA: "Unsolicited Packages Containing QR Codes Used to Initiate Fraud Schemes." You might also find the following Malwarebytes article helpful: "Unexpected Snail Mail Packages are Being Sent with Scammy QR Codes, Warns FBI."
Additional Updates
In addition to staying up to date on these emerging fraud schemes, it’s also important to stay knowledgeable about broader developments in the fraud landscape, including the following:
- The 2025 Dirty Dozen Tax Refund Fraud Report is now available. I've also confirmed that our Tax Refund Fraud Education program will be held in January next year, moved up from late February, to give everyone a strong start heading into tax refund fraud season.
- On the wire fraud front, a recent statistics report from third-party provider Eftsure shows that real estate transactions and business email compromise continue to dominate both in terms of dollar losses and case volume.
NEACH - New England Automated Clearing House Association is a neutral, member-focused advocate. Our role is to give you the intelligence, context, and connections you need to make informed strategic decisions. We bring together industry leaders, policymakers, and innovators so you can evaluate innovation through the lens of your institution’s mission and market strategy. For more information, visit neach.org.