News

Never Give Out That Code: Staying Ahead of Today's Smarter Scams

A caller passes the bank’s security questions. They have the right name, account history, even some specific, unique details. The voice sounds human.

Then it glitches.

"Program end. Program error. Program over."

That's what First Federal Bank staff heard recently when a sophisticated AI bot—one that had been learning to bypass verification procedures after numerous attempts—finally hit its limits. The bot had advanced far enough to bypass initial screening, but escalating questions helped expose what it really was.

"It had developed to the point where it was answering certain prompts and getting past certain questions," says Greg Fluckiger, VP and Information Technology Manager at First Fed. "It had advanced until it was talking to a person and almost passed customer verification."

Welcome to fraud in 2026—where artificial intelligence hasn't perfected the attack, but has increased its sophistication.

Increased Attacks, AI Fraud

"The sheer volume of attacks has increased exponentially," Greg explains. "Some have increased tenfold. Even though AI is still being refined by attackers, they're being successful because of the volume."

That volume creates opportunity. Where fraudsters once had to manually sift through compromised accounts, AI now digests thousands of data points instantly—scanning emails for banking information, identifying easy targets, and feeding that intelligence to human operators ready to strike.

Emily Cook, Electronic Services Manager at First Fed, sees the results daily. "We'll have customers receiving calls from someone representing themselves as the bank, asking them to verify a transaction," she says. "That scammer will send them a secure access code—they're actually going through password reset on online banking—and get the customer to provide information, eventually granting the scammer access to their accounts "

One Rule That Stops Most Attacks

The solution sounds almost too simple: never share your access/security code.

"Never, ever, ever give that out," Emily emphasizes. "Don't share any personal information with someone if you're not 100% sure who you're talking to. The bank is never going to call you and ask for that information."

Scammers know this, so they create urgency. Recent schemes have included fake law enforcement calls claiming missed jury duty with threats of immediate arrest, and demands for payment via gift cards, wire or cryptocurrency—all while keeping victims on the phone so they can't verify the story.

"They're using fear to motivate customers to make decisions they wouldn't otherwise make," Emily notes. "People really need to listen to their gut. If that red flag goes off, get off the phone. Come into the branch, or call us at our main phone number."

Why Caller ID Isn’t Foolproof

Unfortunately, anyone with a free smartphone app can make their call appear to come from any number—including your bank's.

"We cannot do anything about someone impersonating our caller ID number," Greg explains. "Caller ID should never be used to identify who's calling you."

This is where community banking offers a genuine advantage. "Customers can reach us," Greg says. "They can call us, they can get us on the phone. I always call back on a published number. With a big bank, you wouldn't necessarily have that ability."

Protecting Yourself

The best defenses remain straightforward:

• Never share secure access codes—not with callers, not with texts, not with anyone claiming to be the bank
• Call back on a published number if something feels off
• Watch for urgency and fear tactics—legitimate institutions don't threaten immediate arrest
• Monitor your accounts every few days, not just monthly

Use unique passwords and enable multi-factor authentication whenever possible "Take pride in your financial security," Greg advises. "Stay ahead of the curve. These attacks are happening at such high volume—it's in your interest to protect yourself."

The bot that almost passed? It failed because First Fed staff asked one more question. In today's environment, that extra moment of skepticism might be your best protection too.

If something feels off, call us directly at (208) 733-4222.