Stay Alert: Fraudsters Are Targeting Businesses with Forgiveness Loan Scams

PPP loans helped you grow, don’t let scammers set you back.

If your small business benefited from a COVID-era loan, such as the Paycheck Protection Program (PPP), it’s important to remain vigilant. Scammers are now targeting companies like yours with schemes aimed at stealing sensitive information or hijacking financial transactions. Understanding how these fraud attempts operate and what red flags to look for can help protect your business.

What Are PPP Related Scams?

Many businesses that received pandemic assistance loans are now being contacted by scammers posing as banks, government officials, or financial service providers. Using publicly available data about loan recipients, fraudsters created highly targeted, convincing messages and phone calls. Their goal? To gain access to your business banking credentials, authorize fake transfers, or compromise your financial accounts.

Watch Out for These Fraud Tactics

  1. Impersonated Bank Calls
    Fraudsters may spoof a phone number to make it appear as though your bank is calling. Even if your caller ID shows the bank’s name or a familiar number, be cautious.

Red Flag: A caller asking for usernames, passwords, or passcodes is not legitimate.

  1. Direct Calls to Your Business Line
    Scammers often ask for specific employees by name, hoping to reach someone authorized to handle wire transfers or online banking tasks.
  2. Pressure to “Confirm” Transactions
    You might receive a call urgently requesting you verify a payment, like an ACH or wire transfer, claiming there’s a security issue. These calls are meant to fluster you into acting quickly and without question.
  3. Pretending to Be Treasury or Operations Staff
    To seem trustworthy, callers may claim they’re from Treasury Management, Risk, or Operations departments—using terms that sound official to gain credibility.
  4. Text Alerts and Phishing Messages
    You may receive a text message with security jargon like “client credential termination” and a link to verify your information. These messages look official but are part of phishing attempts.

Example:

“We’re enhancing your business security profile. Complete the credential review now: [FAKE LINK]”

Don’t click. Banks do not communicate security updates this way or use unfamiliar URLs.

How to Safeguard Your Business from Fraud

  1. Question Unexpected Requests
    Always pause and double-check if a call, text, or email seems out of the ordinary—especially if it's asking for sensitive login details or urgent transfers.
  2. Use Known Contacts
     If someone reaches out claiming to be from your financial institution, hang up and call your relationship manager or local branch using a verified number.
  3. Avoid Links in Messages
     Always access your commercial banking account by typing the URL directly or using a trusted app, not through links sent in emails or texts.
  4. Train Your Staff
     Ensure all employees, especially those handling finances, understand current scam tactics and how to report anything suspicious.

Remaining informed and following the right procedures can significantly reduce your risk. If something feels off, trust your instincts. Always take a moment to verify before taking any action to protect your business. If you encounter a suspicious call or message, report it right away:

  • Reach out directly to your bank or financial institution to confirm and report the incident.

Submit a complaint to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).  

The information provided in these articles is intended for informational purposes only. It is not to be construed as the opinion of Central Bancompany, Inc., and/or its subsidiaries and does not imply endorsement or support of any of the mentioned information, products, services, or providers. All information presented is without any representation, guaranty, or warranty regarding the accuracy, relevance, or completeness of the information.