Skip to Main Content

Impostor Scams: How Banks Can Build a Stronger Defense

6/5/2025

It started with a call that looked like it came from her bank. Suspicious transactions, the caller said—just share your login to verify. The victim? Cara Wick, a 20-year banking veteran. 

In a recent RMA Journal article, Wick, global financial crimes executive at Bank of America, shared her account takeover (ATO) experience to make a powerful point: While FinCEN once defined ATO as a “computer intrusion,” she argues that “today’s ATO fraud is much more than that—it’s a trust intrusion.” The scammer posed as her bank and used just enough personal information to seem credible—exploiting the confidence she had in her bank’s fraud detection efforts. 

That’s what makes modern impostor scams so effective. Banks have spent years building trust through proactive fraud monitoring. But now, scammers are mimicking that vigilance to gain access. As Wick notes, this is especially dangerous when attackers can reference real details like home addresses or partial account numbers. 

Customer trust is the new attack surface. And the best defense, Wick argues, is proactive, relentless education. 

While U.S. banks provide fraud warnings on websites and occasionally through campaigns, Wick points to the Singapore Police Force’s ScamShield initiative as a model. Through apps, hotlines, bulletins, and everyday public messaging, ScamShield treats scam awareness like a marketing campaign. 

The takeaway: Messaging must be everywhere, constant, and easy to act on. 

Here’s what banks can do: 

  • Treat education as prevention. Banks already train customers not to click shady links. But Wick asks, “Are banks doing enough?” If even industry insiders are fooled, more persistent outreach is needed. 
  • Think like a marketer. Use multiple channels—texts, emails, newsletters, app notifications—to repeat simple anti-scam messages. Bite-sized, high-frequency communication is more effective than static FAQs. 
  • Make it personal. Real stories, like Wick’s, cut through better than generic warnings. They show that anyone—even a seasoned banker—can fall for a well-executed scam. 
  • Reframe trust. It’s essential that customers trust their bank—but they should also be equipped to verify that a message or request is genuine. Knowing when not to trust is part of today’s financial literacy. 

Wick’s story ends on a redemptive note. A second suspicious call came—and this time, she knew to hang up. “My knowledge gave me the confidence I needed to stop the scam,” she writes.