FDIC-Insured - Backed by the full faith and credit of the U.S. Government
North Shore Bank is alerting the businesses we serve—and members of our broader community—about an ongoing scam targeting recipients of Paycheck Protection Program (PPP) loans.
Fraudsters are using publicly available PPP loan data to impersonate trusted financial institutions, including banks, in an effort to obtain sensitive banking information. These scams are becoming increasingly sophisticated and are designed to look and sound legitimate.
Protecting our customers and community is a top priority, and awareness is the strongest defense.
How the Scam Works
Scammers access public databases that list businesses that received PPP loans, including business names, banking relationships, and loan amounts. Using this information, they contact business owners or employees while posing as bank representatives.
The caller or sender often creates urgency—claiming there is suspicious activity or an issue with a payment—to pressure the recipient into sharing confidential information. Once scammers obtain online banking credentials or one-time security codes, they can access accounts and initiate unauthorized transactions.
These tactics are constantly evolving, making it critical to stay informed.
Common Ways Scammers May Contact You
- Spoofed phone calls
Calls may appear to come from North Shore Bank or another legitimate bank phone number. - Text messages
Messages may claim immediate action is required and include links to fake websites. - Calls to business phone lines
Fraudsters may ask for specific employees by name to sound credible.
Common Claims Used by Scammers
Fraudsters may say they are contacting you regarding:
- Issues with a wire, ACH, or check payment
- Suspicious or fraudulent activity in digital banking
- The need to “verify,” “freeze,” or “stop” a transaction
- A required security or account update
Regardless of the reason provided, be cautious if someone is asking for access to your banking information.
Red Flags to Watch For
- Requests for online banking usernames or passwords
- Requests for one-time passcodes or multifactor authentication codes
- Links asking you to “update” banking information or confirm activity
- Callers impersonating Treasury Management, ACH, or fraud departments
North Shore Bank will never ask for your password, one-time passcodes, or full login credentials.
How to Protect Your Business
Trust your instincts. If something feels off, pause and verify before taking action.
Best Practices for Businesses
- Verify all callers
Caller IDs can be spoofed to look legitimate. If you receive a suspicious call, hang up and contact North Shore Bank directly using a known phone number or reach out to your Relationship Manager. - Use your online banking tools
Set ACH limits and dual controls to provide guardrails for your ACH activity. Review all ACH transactions before submitting an approval. - Avoid unsolicited links
Always access Online Banking through North Shore Bank’s official website—not through links in texts or emails. - Keep credentials private
Never share usernames, passwords, tokens, PINs, or authentication codes. - Educate your team
Ensure employees know how to recognize phishing and spoofing attempts and understand your internal procedures for handling banking requests. - Report suspicious activity immediately
Prompt reporting can help prevent or limit potential losses.
We’re Here to Help
If you believe you’ve been contacted by a scammer—or if you’re unsure whether a communication is legitimate—please contact your local North Shore Bank branch, your Business Banker, or Treasury Services at 800-270-7956 right away. We would much rather answer questions early than see a business impacted by fraud.
North Shore Bank remains committed to helping businesses in our community stay informed, protected, and secure.
For more information, visit our Business Fraud Prevention Center to learn about common scams and best practices for safeguarding your accounts.