Fraud Alert Center

Be alert to the latest scams.

You better watch out.

'Tis the season to be wary of scams seeking to steal your holiday spirit.

The holiday season is a time for joy, celebration and, unfortunately, an uptick in scams. At Capital City Bank, we believe that staying safe during this festive time doesn’t have to be a drag. Here’s your guide to spotting scams while keeping the holiday spirit alive.

Shop online safely. Opt for a digital wallet like Apple Pay or Google Pay to avoid exposing card information, and always look for the “https” at checkout.
When traveling, notify your financial institutions. Don’t get caught on the wrong side of security processes designed to protect you.
Keep tabs on your account activity. With online and mobile banking, you can react more quickly to transactions you don’t recognize.
Outsmart gift card scammers. Only purchase from reputable retailers, and never share gift card numbers or PINs.
Beware of phishing attempts. Texts with links, and any contact that asks you to provide financial or personal information are almost always fraud.
Send your best not your checks. When paying bills or giving gifts, opt for secure electronic payments or your Zelle service to avoid mail theft troubles.
Track packages using the delivery service’s website. Be wary of texts or e-mails stating there was a problem with delivery or more postage is due.
Put the kibosh on Bitcoin scams. If you're asked to make a deposit at a Bitcoin ATM, it is fraud. No exceptions.

Be on alert for these red flags to help spot phony communications year round:

  • Text Alerts from a ten-digit phone number are always a no-go. Legitimate alerts come from a five-digit short code number.
  • Secure Access Codes are for your eyes only. Secure access codes are the numeric codes you receive to verify your identify when logging into online banking, and there is no legitimate reason for anyone but you to know them. If you’re being asked to confirm a secure access code, beware.
  • Poor spelling, punctuation and grammar are reliable giveaways. Read messages carefully before taking action – are the instructions logical? Does it even make sense what they’re asking you to do?
  • Be leery of screen-sharing requests. Whether they are asking you to click a link to allow them to show you their screen or give them access to your device, it’s likely a scam.
Capital City Bank Will Never Ask for Sensitive Information: Be confident that we will NEVER call, text, or e-mail you asking for any part of your debit card number, debit card PIN, debit card CVV, or online banking username or password.
 
Hang Up and Verify: If you receive a suspicious communication, the safest response is to hang up immediately and call us directly at the number on the back of your debit card.

Your safety and security are our top priority. Stay vigilant and protect your personal information.

Read more about other common scams.

 

Spot it:

These scams work because, not only do they use advanced spoofing capabilities to give the appearance of trustworthiness by imitating familiar phone numbers and e-mail messaging. They also prey on consequences we all fear, such as having our hard-earned money stolen or debit cards shut off.

Your Capital City Bankers want to help ensure you know how to tell the difference if one day you pick up the phone and hear, “This is Capital City Bank calling.” 

Are they:

  • Asking for information only you should have? Neither Capital City Bank, nor any financial institution, needs you to share your debit card number, debit card PIN, debit card CVVonline banking user name or password — not to authenticate you and not to assist with servicing your account or debit card. We won't ask. Not ever.
  • Pressuring you? Fraudsters threaten; your bankers reassure. Scammers create urgency and exploit fear, trust or an emotional need to help someone by claiming immediate action is necessary to avoid consequences. Your banker will never pressure you into a financial decision. Fraudsters, on the other hand, don’t want to give you time to think it through.
  • Stalling or drawing out the call? Fraudsters have to overcome a number of security protocols intended to protect your account against unauthorized access, so they want to keep you on the phone providing information. As your bankers, we know you’ve got life to get back to, so our goal is not to take any more of your time than necessary.
  • Giving unusual instructions like download an app, share Secure Access Codes that are always meant only for you, or participate in a screen share so they can show you activity in your account?
  • Directing you to wire funds, purchase gift cards, mail cash, or scan a QR code to deposit cash into a Bitcoin ATM to rectify an error on your account, pay a fine or avoid serious consequences?

Avoid it:

If receiving a request like this, the safest response is no response. Tell the fraudsters you’re wise to their game by giving them the dial tone. Hang up and call us right away at the number on the back of your debit card.

A caution about links and unverified contact information:
Remember scammers use links in e-mails and text messages to misdirect you to fraudulent sites where they can steal financial information and account credentials. Do not click links appearing e-mail or text messages, or call phone numbers provided in unexpected calls, texts or e-mails. Always go to a company’s website directly when looking for contact information, and do not trust contact information you find in web search results.

Learn more about steps you can take, including temporarily freezing your card online, on our website at ccbg.com/topics/fraud-and-security.


Explore the key components of the business impersonation scam below.

What you should know:
  • The most commonly impersonated businesses are Amazon followed by Apple, according to the Federal Trade Commission, but the caller could be using the name of any familiar business – even a government agency.
  • Contact can be attempted via phone, text or e-mail.
  • Contact is usually not initiated by you.
  • The name or number on your caller ID might look legitimate because advanced spoofing capability now used widely by scammers allows them to disguise actual caller information.

Scam-Savvy Tips:

  • Legitimate organizations won’t call, text or e-mail to ask for your personal information, including Social Security numbers and bank account details.
  • Stop unwanted calls and texts from reaching you by blocking them on your phone.
  • If you have reason to believe an e-mail or text from a company you do business with is real, it’s always best to verify the sender before clicking any links. But look up their contact information on their website and do not trust phone numbers provided in the message or on your caller ID. Today, these are easily spoofed by scam
The "hooks":
  • We owe you a refund.
  • You owe.
  • You’ve won and we need to get you your prize.
    Links to “claim a free prize” commonly lead to a page where you’re asked to provide payment information to cover shipping costs. The only “prize” you’ll receive is unauthorized activity on your card or account.
  • There’s a problem, e.g. an error on your account, a virus on your computer, you are in trouble with the government, there’s been an emergency.
    You can easily confirm suspicions by contacting the company or agency directly instead of following the instructions given on the call or e-mail. Remember to obtain contact information from a verified source, e.g. the company's website or the back of your debit or credit card. Do not trust contact information left in e-mails, voicemails or text messages.
Scam-Savvy Tips:
IF THEY'RE ASKING YOU TO... WHAT THEY'RE REALLY DOING IS...

Allow remote access to your computer by clicking a link or responding to a pop-up window.


 Using spoofed websites and other tactics such as keystroke loggers to steal debit or credit card information or account login credentials.

Send money back after receiving an overpaid refund.

 Having already gained access to your account, they have transferred your own money from another account or line of credit to trick you into believing the activity you are seeing is the fake refund.

Purchase gift cards and tell them the card numbers or send them a picture of the back of the card.

 Using the numbers to steal the funds you've loaded onto the gift card while telling you that sharing what they are calling “blocking codes” or “security codes” prevents anyone else from accessing the money on the card. 

































Spot it:

These scams work because, not only do they use advanced spoofing capabilities to give the appearance of trustworthiness by imitating familiar phone numbers and e-mail messaging. They also prey on consequences we all fear, such as having our hard-earned money stolen or debit cards shut off.

Your Capital City Bankers want to help ensure you know how to tell the difference if one day you pick up the phone and hear, “This is Capital City Bank calling.” 

Are they:

  • Asking for information only you should have? Neither Capital City Bank, nor any financial institution, needs you to share your debit card number, debit card PIN, debit card CVVonline banking user name or password — not to authenticate you and not to assist with servicing your account or debit card. We won't ask. Not ever.
  • Pressuring you? Fraudsters threaten; your bankers reassure. Scammers create urgency and exploit fear, trust or an emotional need to help someone by claiming immediate action is necessary to avoid consequences. Your banker will never pressure you into a financial decision. Fraudsters, on the other hand, don’t want to give you time to think it through.
  • Stalling or drawing out the call? Fraudsters have to overcome a number of security protocols intended to protect your account against unauthorized access, so they want to keep you on the phone providing information. As your bankers, we know you’ve got life to get back to, so our goal is not to take any more of your time than necessary.
  • Giving unusual instructions like download an app, share Secure Access Codes that are always meant only for you, or participate in a screen share so they can show you activity in your account?
  • Directing you to wire funds, purchase gift cards, mail cash, or scan a QR code to deposit cash into a Bitcoin ATM to rectify an error on your account, pay a fine or avoid serious consequences?

Avoid it:

If receiving a request like this, the safest response is no response. Tell the fraudsters you’re wise to their game by giving them the dial tone. Hang up and call us right away at the number on the back of your debit card.

A caution about links and unverified contact information:
Remember scammers use links in e-mails and text messages to misdirect you to fraudulent sites where they can steal financial information and account credentials. Do not click links appearing e-mail or text messages, or call phone numbers provided in unexpected calls, texts or e-mails. Always go to a company’s website directly when looking for contact information, and do not trust contact information you find in web search results.

Learn more about steps you can take, including temporarily freezing your card online, on our website at ccbg.com/topics/fraud-and-security.


Explore the key components of the business impersonation scam below.

What you should know:
  • The most commonly impersonated businesses are Amazon followed by Apple, according to the Federal Trade Commission, but the caller could be using the name of any familiar business – even a government agency.
  • Contact can be attempted via phone, text or e-mail.
  • Contact is usually not initiated by you.
  • The name or number on your caller ID might look legitimate because advanced spoofing capability now used widely by scammers allows them to disguise actual caller information.

Scam-Savvy Tips:

  • Legitimate organizations won’t call, text or e-mail to ask for your personal information, including Social Security numbers and bank account details.
  • Stop unwanted calls and texts from reaching you by blocking them on your phone.
  • If you have reason to believe an e-mail or text from a company you do business with is real, it’s always best to verify the sender before clicking any links. But look up their contact information on their website and do not trust phone numbers provided in the message or on your caller ID. Today, these are easily spoofed by scammers.

The "hooks":
  • We owe you a refund.
  • You owe.
  • You’ve won and we need to get you your prize.
    Links to “claim a free prize” commonly lead to a page where you’re asked to provide payment information to cover shipping costs. The only “prize” you’ll receive is unauthorized activity on your card or account.
  • There’s a problem, e.g. an error on your account, a virus on your computer, you are in trouble with the government, there’s been an emergency.
    You can easily confirm suspicions by contacting the company or agency directly instead of following the instructions given on the call or e-mail. Remember to obtain contact information from a verified source, e.g. the company's website or the back of your debit or credit card. Do not trust contact information left in e-mails, voicemails or text messages.
Scam-Savvy Tips:
IF THEY'RE ASKING YOU TO... WHAT THEY'RE REALLY DOING IS...

Allow remote access to your computer by clicking a link or responding to a pop-up window.


 Using spoofed websites and other tactics such as keystroke loggers to steal debit or credit card information or account login credentials.

Send money back after receiving an overpaid refund.

 Having already gained access to your account, they have transferred your own money from another account or line of credit to trick you into believing the activity you are seeing is the fake refund.

Purchase gift cards and tell them the card numbers or send them a picture of the back of the card.

 Using the numbers to steal the funds you've loaded onto the gift card while telling you that sharing what they are calling “blocking codes” or “security codes” prevents anyone else from accessing the money on the card. 

































Scammers try to convince you your account has been compromised and you must send money using a bitcoin ATM.

Spot it:

No bank, financial institution or legitimate organization will ask you to send money using a Bitcoin ATM. 

Avoid it:

If ever being instructed by anyone to send money using a Bitcoin ATM - whether they claim to be from your bank, a government agency or any business - it is fraud. Do not provide any information and contact the organization directly using official contact information on an official source, like their verified website, the back of your bank or credit card, your monthly statement, etc. 

Remember not to trust website links provided in e-mails or texts. They could be taking you to a spoofed website.



































Crooks intercept everyday bill remittances at the mailbox to use envelope contents and information to commit check fraud and identity theft. 
 

Any check sent in the mail is at risk as the number of incidents reported and associated fraud losses continue to climb in all parts of the country. And the risk to the individual exceeds the obvious loss of funds. Since many bill payments are often accompanied by remittance slips containing other private personal and financial information such as account numbers and Social Security numbers, a single envelope could supply a criminal with all they need to commit identity theft as well.

Spot it:

There may be no way of spotting this type of fraud until it's too late since thieves are simply intercepting and redirecting the funds. From the account holder's perspective, payments post to their accounts as expected, so often, the first indication something went wrong is when they receive word from the biller that the payment was never received. Otherwise, when the intended recipient does not expect the delivery - as with checks or gift cards mailed in birthday or holiday cards - there may never be any indication. 

Avoid it:

The only sure-fire way to eliminate your risk is to avoid mailing checks altogether and adopt a few mail-theft-resistant habits:
  • Enroll in electronic statements. Opting for paperless billing and statements reduces the amount of sensitive financial information that sits unsecured in your mailbox. 
  • Make electronic payments at the biller’s website or use the Bill Pay feature of your online banking service. Most bill payments are sent electronically. In cases when mailing a check is necessary – the payee is not able to accept electronic payments, for example – Bill Pay is still a more secure option because, unlike the checks in your checkbook, bank-issued checks do not include your signature. Fraudsters look for checks with signatures because they can be copied or forged.
  • Send holiday cheer using Zelle® (personal accounts only) instead of mailing checks, cash or gift cards. Use the Notes section to add personalized holiday greetings. Remember, you should always know the person to whom you are sending money, no matter the method.
  • Business owners, ask us about ACH Origination for business deposits and payments via electronic transfer. Contact us at 888.671.0400 for more information.
Pairing these best practices with vigilance is your best protection. Report any suspicious contact or activity by calling us at 888.671.0400.



































Scams involving technical support are on the rise.

Even if a caller claims to be from a business you know, be suspicious and contact your banker immediately if they are asking you to give them remote access to your computer to fix an error or review recent account activity. 

Spot it:

This type of scam often claims you have received too large a refund and must return the overpaid amount or you must pay a fee immediately to avoid serious consequences. The goal is to trick you into sending money - most often by purchasing gift cards or depositing cash into a Bitcoin ATM - or giving them access to your bank accounts - either by revealing your login information .

Avoid it:

Scammers are well scripted, organized and convincing, but even the most sophisticated schemes give themselves away if you know what to look for.

No matter the circumstances, do not trust anyone who is:

  • Asking for information only you should have. Neither Capital City Bank, nor any financial institution, needs you to share your debit card number, debit card PIN, debit card CVV, online banking user name or password — not to authenticate you and not to assist with servicing your account or debit card. We won't ask. Not ever.
  • Pressuring you. Fraudsters threaten; your bankers reassure. Scammers create urgency and exploit fear, trust or an emotional need to help someone by claiming immediate action is necessary to avoid consequences. Your banker will never pressure you into a financial decision. Fraudsters, on the other hand, don’t want to give you time to think it through.
  • Stalling or drawing out the call. Fraudsters have to overcome a number of security protocols intended to protect your account against unauthorized access, so they want to keep you on the phone providing information. As your bankers, we know you’ve got life to get back to, so our goal is not to take any more of your time than necessary.
  • Giving unusual instructions like download an app, share Secure Access Codes that are always meant only for you, or participate in a screen share so they can show you activity in your account.
  • Directing you to wire funds, purchase gift cards, mail cash, or scan a QR code to deposit cash into a Bitcoin ATM to rectify an error on your account, pay a fine or avoid serious consequences.

A caution about links and unverified contact information:
Remember scammers use links in e-mails and text messages to misdirect you to fraudulent sites where they can steal financial information and account credentials. Do not click links appearing e-mail or text messages, or call phone numbers provided in unexpected calls, texts or e-mails. Always go to a company’s website directly when looking for contact information, and do not trust contact information you find in web search results.

 

Explore the key components of the business impersonation scam below.

What you should know:
  • The most commonly impersonated businesses are Amazon followed by Apple, according to the Federal Trade Commission, but the caller could be using the name of any familiar business – even a government agency.
  • Contact can be attempted via phone, text or e-mail.
  • Contact is usually not initiated by you.
  • The name or number on your caller ID might look legitimate because advanced spoofing capability now used widely by scammers allows them to disguise actual caller information.

Scam-Savvy Tips:

  • Legitimate organizations won’t call, text or e-mail to ask for your personal information, including Social Security numbers and bank account details.
  • Stop unwanted calls and texts from reaching you by blocking them on your phone.
  • If you have reason to believe an e-mail or text from a company you do business with is real, it’s always best to verify the sender before clicking any links. But look up their contact information on their website and do not trust phone numbers provided in the message or on your caller ID. Today, these are easily spoofed by scammers.


The "hooks":
  • We owe you a refund.
  • You owe.
  • You’ve won and we need to get you your prize.
    Links to “claim a free prize” commonly lead to a page where you’re asked to provide payment information to cover shipping costs. The only “prize” you’ll receive is unauthorized activity on your card or account.
  • There’s a problem, e.g. an error on your account, a virus on your computer, you are in trouble with the government, there’s been an emergency.
    You can easily confirm suspicions by contacting the company or agency directly instead of following the instructions given on the call or e-mail. Remember to obtain contact information from a verified source, e.g. the company's website or the back of your debit or credit card. Do not trust contact information left in e-mails, voicemails or text messages.
Scam-Savvy Tips:
IF THEY'RE ASKING YOU TO... WHAT THEY'RE REALLY DOING IS...

Allow remote access to your computer by clicking a link or responding to a pop-up window.


 Using spoofed websites and other tactics such as keystroke loggers to steal debit or credit card information or account login credentials.

Send money back after receiving an overpaid refund.

 Having already gained access to your account, they have transferred your own money from another account or line of credit to trick you into believing the activity you are seeing is the fake refund.

Purchase gift cards and tell them the card numbers or send them a picture of the back of the card.

 Using the numbers to steal the funds you've loaded onto the gift card while telling you that sharing what they are calling “blocking codes” or “security codes” prevents anyone else from accessing the money on the card. 

What you should know: Urgency is a ploy used by scammers because they want you to act before you have time to think about whether their requests make sense.

Scam-Savvy Tip: Where a legitimate business will allow you time to make a decision, a scammer succeeds by using fear or threats to induce you to act immediately.

What you should know: These scams usually begin with a call, text or e-mail claiming a problem with your account or debit card to get your attention. They either provide a phone number to call or ask you for a response that will trigger someone to call you (e.g. a text message asking you to confirm a recent purchase. When you reply that you did not make the purchase, they call.) At some point during the call, they say they need access to your device to resolve the issue, and they send a link to click to allow them in. The link may appear to launch some action on your device but this is all part of the deception. Their goal is obtaining your online banking credentials so they can access to your account and steal funds.

Scam-savvy Tip: Even if a caller claims to be from a business you know, be suspicious and contact your banker immediately if they are requesting access to your device for technical assistance.