Call us at (800) 513-7678 or visit your nearest Frost financial center.

Home / Business Products & Services / Commercial Fraud and Security

Fraud prevention tips to help protect your business

As your business banking partner, we hold your financial security at a high priority. As a result, we're finding new ways to not only help protect your business and its assets, but also empower you to keep your business safe.

Explore these tips to help safeguard your business information

Keep your business banking login safe

Frost will never reach out to you to ask for your account login information such as company ID, passwords, usernames, security pins or token number. Do not share this information with anyone.

Always verbally confirm new payment instructions

If you receive a request to change payment instructions, call to confirm using a known number. Never use the email addresses or phone numbers provided in the email request to confirm new payment instructions.

Think before you click

If you receive an email you did not expect, exercise caution before clicking on any links – even those sent by someone you know. Emails with many uncharacteristic typos and grammatical errors are a red flag and may lead to malware or account compromise.

Use search engines carefully

When using a search engine to find the login for Frost Treasury Connect, ensure that you are visiting the correct URL. Fraudsters can imitate the web address with minor changes to appear legitimate.

Monitor your accounts

Create a policy to carefully check your statements monthly and reconcile your accounts daily for unexpected activity. Contact us immediately if you notice any unusual activity on your account.

Safeguard your business checks

Keep your business’s check stock in a secure location. If mailing payments by check is necessary, drop them off inside a secure location, rather than an unguarded drop box or outgoing mail slot.

Search engine ad scams are on the rise

Some search engines display ads ahead of legitimate search results. Take note of the URL you click on.

Frost products and services to protect your business

Best practices to protect yourself from insider fraud, outsider fraud and cybercriminals.

  • ACH Fraud Prevention Services
    Protect your financial assets by adding an extra layer of security between your accounts and unauthorized debits, credits or both.
  • Sign up for Positive Pay with Payee Review
    With Positive Pay, you’re able to verify checks for payment and return fraudulent checks before they post to your account – not days or weeks later.
  • Payment alerts
    Setup payment alerts in Alerts Center on Frost Connect, helping you stay aware of payments and high-risk activity happening on your account.
  • Transaction limits
    Set limits on payment amounts in Frost Connect’s user maintenance section to appropriately manage your payment risk.
  • Frost Connect’s Two-Factor Authentication
    Provides an added layer of security that requires users to submit a unique code from a physical or mobile token at each login.
Image of laptop showing Treasury Connect

Common fraud schemes impacting businesses

Business Email Compromise (BEC) takes advantage of a compromised email address, tricking the recipient into sending a wire or ACH payment to a new account.

Business email compromise (BEC)

These emails often come from an authoritative position to a subordinate and include a level of urgency to ‘rush’ the transaction. Because the fraudster has access to the legitimate email address, they have access to email history to mimic writing style, email signatures, references to discussions from the past, and include details of financial deals, using those elements to construct a convincing and urgent email.

Learn more

Check fraud occurs when criminals steal mail from postal boxes or mail carriers, looking for check payments.

Check fraud

They use stolen checks to create counterfeit versions, or to alter legitimate checks to be payable to a different entity. Businesses impacted by check fraud may find counterfeit checks drawn on their account or may be notified of a late payment when the recipient does not receive their check.

Learn more

Social engineering exploits human psychology and trust in order to gain access to information or resources.

Social engineering

A fraudster may pose as an IT technician, calling an employee about a critical security issue with their computer. Causing a sense of panic, the fraudster urges the employee to provide login credentials or grant remote access to their device to "fix" the supposed issue. Unknowingly, the employee could provide the scammer with access to business systems, leading to unauthorized transactions or other exploitation of company resources.

Learn more

Vendor impersonation occurs when criminals pretend to be a trusted organization to mislead a business into sending payments to a fraudulent account.

Vendor impersonation

Typically, criminals will claim their usual account is going through an audit, and require a change in payment instructions, or claim that they no longer accept checks or ACH payments. Carefully inspect the email address, often they will look deceptively similar to a known email address and always call a known number to verify any new payment instructions.

Malware is software used to infiltrate company networks, gain access to files and data and can be used to takeover control of a device.


Malware can impact your business by clicking on a malicious link, or opening a file, often as an attachment in an email that contains the malicious software. This can lead to business email compromise and can be used to access sensitive data when it is entered into a secure website, sent through email or stored in a file.

Bank impersonation involves a phone call from someone claiming to be from your bank.

Bank impersonation​

Fraudsters can make their phone number show as the bank’s phone number, lending credibility to the call. The fraudsters will attempt to help you resolve a problem, and ask you to share sensitive information with them, such as your password or a token number. They can use this information to access your account and attempt to transfer funds without your knowledge.

Fraud resources for consumers and small businesses

Stay informed of current fraud trends and learn more about types of financial fraud impacting consumers and small businesses.

Learn more

Frequently Asked Questions

What to do if you suspect fraud

  • If you are suspicious, don’t reply, open attachments, click on links, or enter any information.
  • Verbally contact the party that claims to have sent the email at a known number, and verify whether it is legitimate.
  • If you provided any information about your Frost Connect account, contact a Frost treasury management representative Monday - Friday from 7:00 am to 6:00 pm at (888) 481-0336.

  • If you have received a call from someone claiming to be from Frost, write down their name, hang up, and call us back at (888) 481-0336 to verify they are a legitimate Frost employee.
  • Frost will never reach out to you to ask for sensitive information such as your full account number, password, six-digit token number or full Social Security number. Do not share this information with anyone.
  • Look for typos and grammatical errors in a text message, and do not click on any links included in the message.
  • If you inadvertently gave out any sensitive information, contact a Frost treasury management representative Monday - Friday from 7:00 am to 6:00 pm at (888) 481-0336.

  • If your debit card was lost or stolen, call us at (800) 513-7678.
  • Monitor your account statements monthly for any unauthorized charges and report them to Frost.
  • If you are signed up to use Frost Online Banking, you can report your card lost or stolen by visiting frostbank.com, logging in to Frost Online Banking, clicking “Account Services” and selecting “Report a lost or stolen card” under “Card Management.”

  • Discontinue using the computer and engage an IT professional to scan for and confirm that malware is removed.
  • Review your email settings for any rules that may have been set up, and scan your sent folder for any emails you do not recall sending.
  • Change the passwords on any accounts accessed by the affected computer.

  • Phishing emails often contain demanding or urgent requests for quick action. It is common to begin with generic greetings or lack of greetings, contain misspellings, and come from a new or unofficial email address. These emails will also often contain links to unfamiliar webpages, attachments with files you weren’t expecting, demands for payment, or requests for sensitive information like passwords, account numbers, company IDs or transaction information.
  • For more information about phishing, click here.

If something doesn't look right, call us