The FDIC Office of Inspector General (OIG) issued alerts highlighting the latest fraud schemes affecting banks and their customers across the United States. The risks from the scams in the latest warning and ongoing threats can often be reduced with increased awareness and education. Arthur State Bank is here to help. We explain the FDIC OIG alerts on financial fraud schemes—Pig Butchering, ATM Jackpotting, call spoofing, and impersonation—and tactics to reduce banks’ risks.
Why the FDIC OIG Alerts Matter for Financial Institutions
The FDIC OIG regularly publishes alerts to help banks identify emerging fraud risks and protect businesses and the broader financial system. The recent alerts emphasize that modern fraud schemes exploit digital communication, cryptocurrency transactions, and vulnerabilities in financial infrastructure.
These schemes can expose banks and lenders to risks such as:
- Fraud losses and operational disruption
- Compliance and regulatory concerns
- Reputational damage
- Increased workload related to investigations and Suspicious Activity Reports (SARs)
We’re explaining the mechanics of these schemes—and how to spot warning signs early—to help institutions respond quickly and limit potential harm.
1. Pig Butchering Scams
One of the most concerning financial fraud schemes identified in recent FDIC OIG alerts is the Pig Butchering scam, a type of long-term confidence and investment fraud. The scam’s name refers to the process of “fattening up” the victim with promises of high returns before stealing their funds.
How a Pig Butchering Scam Works
Criminals gradually build trust with victims (consumers and employees of financial institutions) before convincing them to invest in fake opportunities, often involving cryptocurrency. Scams typically follow this progression:
- Scammers contact the victim through social media, text messages, or dating apps
- They build a relationship over time to gain the victim’s trust
- They introduce fake investment opportunities into the conversation
- They encourage the victim to transfer increasing amounts of money into the fake investments
- The scammer claims additional fees must be paid to withdraw the victim’s funds and/or disappear once the funds are transferred
Red Flags for Financial Institutions
Banks may notice unusual withdrawal patterns and account activity when customers are targeted by Pig Butchering scams, such as:
- Sudden or large transfers to cryptocurrency exchanges or virtual asset service providers (VASPs)
- Repeated wire transfers inconsistent with prior account activity
- Customers are urgently requesting funds to meet an “investment deadline”
- The customer calls the bank to request cancellation of a transfer related to VASPs
- Large withdrawals followed by digital asset purchases
Prevention Practices for Banks
Stronger Know Your Customer (KYC) monitoring can help reduce the risk of these scams and make red flags easier to identify. Banks should take steps to confirm and report any suspicious activity, such as:
- Reviewing transactions involving new cryptocurrency activity
- Educating customers about investment scams and encouraging reporting
- Banks must report schemes immediately by filing a Suspicious Activity Report (SAR) and 314(b) filings; they should also refer customers who are victims of Pig Butchering Scams to their local police department for reporting and the FBI’s Internet Crime Complaint Center (IC3).
2. ATM Jackpotting Schemes
Another growing threat banks should be aware of is the ATM jackpotting scams, which are cyber-physical attacks (typically using malware) that force a machine to dispense cash on command. These financial fraud scams typically involve organized crime groups.
How ATM Jackpotting Works
These schemes may target an individual machine or multiple locations to maximize cash stolen before fraud is detected. Withdrawal ploys typically involve these three steps:
- Physically access the ATM and test it for alarms and entry methods
- Surveil the machine for re-stocking and personnel routines, and review CCTV placement
- Installs malware or connects a device to the machine’s internal components
- Use malicious software to trigger unauthorized cash withdrawals
Warning Signs of ATM Jackpotting
This fraud scheme leaves several physical and digital red flags, such as:
- Machine doors are opened outside of scheduled maintenance
- An unknown executable field appears on ATM systems
- Unauthorized USB devices are connected to the ATM hardware
- ATMs are running out of cash unusually quickly
- Suspicious surveillance activity around ATM locations (someone taking photos of the machines or trying to open doors to test alarm systems)
Prevention Best Practices for Banks
Mitigating ATM jackpotting risks requires bolstering the machine’s security and surveillance. Some tactics recommended by the OIG include:
- Re-keying all ATMs for unique access
- Add a security gate to the front of the machine and secure components with tamper-resistant covers
- Encrypt the ATM software
- Install coded alarms
- Utilize CCTV and license readers
- Increase employees’ awareness of the scheme and encourage reporting of any unusual activity
3. Caller ID Spoofing Scams
Spoofing calls target financial customers by impersonating banks or government agencies via phone calls to gain access to their accounts or data. While many financial institutions and customers think they can spot bad actors, the OIG’s warning on Caller ID Spoofing scams is that these are becoming increasingly sophisticated.
How Caller ID Scams Work
Fraudsters use falsified caller ID to appear to be a legitimate bank employee or other financial institution associated with a business, earning an account holder’s trust. A scammer may pretend to be a business’s bank by displaying a phone number associated with the institution, or an employee by using an actual worker’s name or credentials, or referencing names and titles likely to be trusted.
Once a spoofer has the person’s trust, the scam continues as follows:
- The scammer reports they see fraudulent activity on the business’s financial account.
- Informs the account holder that they need login credentials or other sensitive information to resolve the falsified activity
- Use the credentials provided to reset the customer’s password to access the account and initiate funds transfers
Red Flags for Financial Institutions
Seeing the warning signs of this scheme requires a financial institution to be vigilant about customers’ reports or suspicions. Some activities that can indicate caller ID spoofing scams targeting customers are:
- Account holders report unexpected calls from the bank requesting personal information
- Sudden or unusual account activity following customer reports of suspicious calls
- Multiple customers are reporting similar impersonation attempts
Best Prevention Practices for Banks
The OIG encourages financial institutions to help reduce the risks of spoofing scams by:
- Educating customers about how spoofing calls work
- Clearly communicating that banks will never request sensitive information by phone
- Encouraging customers to hang up and call the institution directly
- Monitoring business and personal checking accounts for unusual transaction patterns following reported spoofing calls
4. FDIC and OIG Impersonation Scams
Another fraud ploy to watch for involves scammers impersonating the FDIC or other government entities. The OIG alert states that impersonation schemes may involve claiming that a customer’s funds are at risk, that a bank or individual is under investigation, or that the institution is being fined for a violation.
How FDIC Impersonation Scams Work and Warning Signs
Scammers use unsolicited phone calls, text messages, or emails claiming to be from the FDIC or the FDIC OIG to fraudulently gain access to accounts or demand funds. These scams typically involve two types, with slightly different warning signs, outlined below.
| Scheme Type | How It Works | Key Red Flags |
| Windfall (grant or money offer) | • Scammers claim the victim has been awarded money or a grant • Request personal information for the deposit (bank account or credit card) • Request to transfer fines or for gift cards and digital currency payments to “release” the funds |
Requests for upfront payment or sensitive financial information in exchange for the prize, grant, or offer |
| Violation (OIG impersonation) | • Scammers pose as investigative FDIC OIG personnel; may use “official” titles or logos
• Falsify fines the institution or individual must pay to avoid arrest or other penalties |
• Threats of arrest and urgent demands for payment
• Requests for payment via gift cards or unconventional methods |
Prevention Best Practices
These may appear legitimate because the communications often use official-looking FDIC seals or logos or agent names. Keys to reducing the potential impact of impersonation scams are:
- Training employees to be wary of unsolicited contacts and to follow up on any customer reports of high-pressure tactics or threats of account freezes
- Informing customers and employees that FDIC officials do not request money or sensitive data
- Encouraging reporting of suspicious communications and unsolicited correspondence through the FDIC OIG Hotline
Strengthening Fraud Prevention in Financial Institutions
While Pig Butchering, ATM Jackpotting, FDIC Impersonation, and Caller ID Spoofing scams differ in their methods, each relies on social engineering, technological manipulation, and exploitation tactics that financial institutions can prepare for.
To reduce exposure to these and any bad actor’s schemes, institutions should focus on:
- Employee training to spot red flags and warning signs
- Customer education about emerging fraud tactics and credit card security tips
- Strong transaction monitoring and anomaly detection
- Rapid reporting of suspicious activity
- Cross-department coordination between fraud, compliance, and security teams
- Publishing fraud warnings and reminders on their websites and mobile apps
The FDIC OIG alerts highlight the evolution of fraud schemes, but awareness and proactive prevention strategies remain steady tactics to reduce these risks.
Arthur State Bank: Your Fraud Prevention Resource
Proudly serving South Carolina since 1933, Arthur State Bank offers personal accounts and business banking solutions, and fraud prevention insights to help keep customers protected. Community banks like ours can be an important line of defense against fraudsters, helping to reduce risk and provide trusted guidance. The latest schemes may be evolving, but strong prevention and ongoing education remain essential to staying one step ahead. If you have questions or concerns about account activity or emerging trends, contact us today.
