Skip To Main Content

FDIC Insured - Backed by the full faith and credit of the U.S. Government

Resource Corner

Resources > Fraud Prevention

Protect Your Business: Double-Sided Spoofing

eFraud Prevention Jun 4, 2025
Learn about Double-Sided Spoofing and how to protect you and your business.
Lock on a keyboard

How the Scam Works


Targeting a Business Customer: 
  • A fraudster contacts a commercial client of a financial institution, posing as a bank representative or law enforcement.
  • Using social engineering tactics, they manipulate the customer into revealing login credentials and other security details.
Compromising the Financial Institution: 
  • The fraudster, armed with the stolen credentials, contacts the financial institution pretending to be the commercial client.
  • They request a token reset or security changes, using the obtained information to correctly answer verification questions.
Executing Unauthorized Transactions:
  • Once the token is reset, the fraudster gains full access to the client’s bank account.
  • They initiate ACH credit and wire transfers, sending funds to accounts under their control.

How Businesses and Financial Institutions Can Protect Themselves


Enhanced Authentication and Verification

  • Scrutinize profile changes: Before processing security changes (like token resets), check for recent modifications. If changes are within the past 30 days, apply additional verification.
  • Verify customer identity rigorously: Instead of acting immediately on a reset request, call the customer back using a known phone number from internal records.
  • Pin drop technology: When speaking with customers on the phone, use location-based verification to confirm if the call is coming from a recognized location.
  • IP monitoring: If a request is made from an electronic device, check if the IP address is associated with the customer's usual activity. Flag requests from new or suspicious locations.
  • Biometric authentication: Use voice recognition to detect scripted responses and verify if the caller’s speech pattern matches the account holder’s past interactions.
Proactive Fraud Prevention Strategies

  • Implement Positive Pay: Encourage business customers to use Positive Pay services for both credits and debits. This tool prevents unauthorized transactions by requiring prior approval before processing.
  • Educate commercial clients: Regularly train business customers on fraud risks, including how to recognize spoofing attempts and social engineering tactics.
  • Multi-layered transaction monitoring: Establish behavioral analytics to flag unusual transactions, such as sudden large withdrawals or transfers to high-risk accounts.
  • Strengthen internal fraud detection: Implement AI-driven fraud detection systems that can identify patterns associated with social engineering attacks.

Why This Scam is Especially Dangerous

This type of double-sided spoofing is a sophisticated evolution of credit-push fraud. Unlike traditional fraud, where the goal is to trick victims into sending money, this method bypasses a financial institution’s security controls by manipulating both the business customer and the bank itself. The fraudster does not need to steal credentials alone—they exploit the bank’s own processes for resetting authentication mechanisms.

 

SUGGESTED ARTICLES
All content is for informational purposes only and does not constitute legal, tax, or accounting advice. You should consult your legal and tax or accounting advisors before making any financial decisions.