Skip to Main Content
Personal Banking Home
Small Business Home
Commercial & Specialty Home
Wealth Management Home

Learn how to protect yourself against fraud

Be informed of recent schemes so that you can keep your personal information secure.

Beware of calls and texts claiming to be from First Horizon Bank

We’ve received reports about a recent scheme where fraudulent text messages are being sent to select First Horizon clients.

What you need to know

  • The text asks the recipient to call a spoofed number and provide sensitive account information.
  • This scheme has targeted clients from many different financial institutions in addition to First Horizon.
  • First Horizon Bank will never initiate contact with you directly and ask for personal or account information, including requests to verify your identity by texting codes or passwords.

What you can do

If you receive a text message or phone call related to this scheme, do not call the number displayed in the text, click on any links or provide your account information.

If you are concerned that you’ve been a victim of fraud, please call us at 800-382-5465

Banking Trojan — a malware designed to collect banking information from victims

A phishing campaign has been observed targeting organizations mostly in the US. The malware being deployed as part of the attack is classified as a banking Trojan. The malware is equipped with a variety of sophisticated evasion and information-stealing capability, as well as propagation functionality and a strong persistence mechanism.

How can I prevent it?

  • Refrain from opening attachments or clicking links within emails or texts from senders that seem out of place, or context, or from senders that you do not recognize.
  • Consider disabling macro functionality in spreadsheet and documents by default.
  • Maintain anti-virus software updates/patches on personal computers.
  • Route internet requests through an internet proxy to avoid accessing known malicious websites.
  • Use DNS services that block access to known malicious sites.

Be Cautious of COVID-19 Related Fraud Schemes

The most common types of fraud schemes will target you through phishing (fake emails), smishing (text messages), and vishing (voice calls). Fraudsters create fraudulent websites, applications, and send emails, SMS messages that include topics like cures for COVID-19, early or expedited economic impact payments, government relief testing locations in your area, and fraudulent medical providers looking to obtain patient information for testing.

Tips for avoiding COVID-19 related fraud schemes:

  • Do not provide your logins, financial data, or other personal information in response to an unsolicited email, social media post, text, or phone call. First Horizon will never email or text you requesting you to call or respond with your account number, PIN or access code.
  • Refrain from opening attachments or clicking links within emails or texts from senders that you do not recognize. Scammers use email or text messages to trick you into giving them your personal information.
  • Don’t trust your Caller ID. Scammers may pose as government officials or First Horizon employees to steal your personal information. First Horizon will never call you directly and ask to verify your account numbers, password or access code.
  • Always validate a person’s organization by calling them back through an official phone number. Don't call phone numbers mentioned in the questionable message.
  • Be cautious of messages that are making urgent requests. Fraudsters may emphasize the words "stimulus check" or “stimulus payment” when the official term is economic impact payment.
  • Visit websites manually by inputting their domains into your browser.
  • Protect your devices (e.g., phone, tablet and computer) with the latest browsers, operating systems and antivirus software.
  • Seek news about the virus from verified/legitimate sources.

How to report COVID-19 fraud schemes:

  • If you believe you are a victim of fraud, notice potentially suspicious activity on your First Horizon account, and/or have provided personal or banking information, contact Client Services at 800-382-5465.
  • If you receive unsolicited emails, text messages, or social media attempts to gather information that appear to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EETPS), you should forward it to phishing@irs.gov.
  • If you receive unsolicited phone calls appearing to originate from the CDC, you can report the calls to the Federal Communications Commission.

COVID-19 Stimulus Check Fraud

Be aware of government imposters calling or messaging consumers about a special COVID-19 government grant. The callers indicate that it’s necessary to verify the recipient’s identity and may suggest the recipient will receive their stimulus check faster if they share personal details and pay a small "processing fee."

It's important to remember that the IRS will never call and ask consumers to verify payment details. Your stimulus check will be deposited into the direct deposit account previously provided on your tax return, or in the alternative, a paper check will be mailed.

Never give out your bank account number, debit card number, or other personal identifying information to anyone, even if someone claims it’s necessary to receive your stimulus check. If you receive a call, do not engage the caller and just hang up. If you receive text messages or emails claiming that you can get your money faster by sending personal information or clicking links, delete them. Never click on links or attachments from emails in which you are not familiar with the sender. Official stimulus/relief information regarding COVID-19 will never be sent via text/SMS or on any other messaging platforms.

Additionally, be aware of fraudulent stimulus checks received in the mail. Red flags for these fraudulent checks include: a “stimulus check” for an odd amount, especially one with cents, or a check that requires the recipient to verify the check by calling a number or visiting a specific website.

For more information, visit https://www.irs.gov/coronavirus or https://www.fcc.gov/covid-scams.

Spoofing and Phishing Continues

Fraudulent First Horizon text messages and spoofed phone calls appearing to be from First Horizon Client Services are continuing to target customers. In both instances, the customer’s personal banking information is being requested (e.g., online banking username, password, account number, etc.).

It is essential to remember that First Horizon Bank will never initiate contact with you directly and ask for personal or account information, including requests to verify your identity by texting codes or passwords. However, in situations where you initiate contact with First Horizon’s Client Services department, the call center representative may utilize these methods to secure your account and/or verify your identity.

If you receive a text message or phone call regarding this scheme, do not click on the link or hang up immediately. You may check your account via the mobile app, saved website link, or by calling the number on the back of your credit/debit card. If they have clicked on the link or provided sensitive information, contact Client Services at 800-382-5465.

The “Secret Shopper” Scam

Please be suspicious if you receive checks in the mail from any organization asking you to be a secret shopper on its behalf. Often these offers are simply fraudsters attempting to find new ways to get their hands on your money.

Here’s an overview of how the scam works:

  • You receive checks in the mail (unsolicited) with an offer to be a “secret shopper”.
  • You’re asked to deposit the check and use the funds to do your shopping.
  • Assignment one is often testing money transfer services, like Western Union, or buying gift cards.
  • With the gift cards, you may be asked to send pictures of the cards or send the card numbers with your “shopping” report.
  • By the time you’ve sent in gift card information or transferred money, the bank will have discovered that the original check you deposited was fake.
  • The end result? You will be on the hook for any withdrawals, and likely the fraudsters will have emptied the gift cards using the information you sent them.

Bottomline: Do not proceed with any scheme that asks you to deposit checks and then transfer money or purchase gift cards and send card information. These are scams that can cost you hundreds of dollars of your hard earned money

Beware of calls and texts claiming to be from First Horizon Bank

First Horizon Bank customers may be the target of fraud schemes in which a customer is contacted through phone call, email, or text by fraudsters requesting the customer verify personal bank information. A recent scheme involves individuals contacting First Horizon Bank customers using a telephone number spoofed to appear on caller ID as First Horizon Bank’s legitimate Client Services department phone number. This scheme is an attempt to convince the customer to provide account information, passwords, and in some cases, one-time passcodes that enable takeover of the customer’s account relationship.

It is essential to remember that First Horizon Bank never will contact you directly and ask for your personal or account information that we already have on file. Additionally, we never will ask you to verify your identity by texting codes or passwords to you to confirm who you are. If First Horizon Bank initiates the call, we already will have at hand the information we need.

If you have received a phone call claiming to be from First Horizon Bank and believe you are a victim of fraud or notice potentially suspicious activity on your account, contact Client Services at 800-382-5465.

Protect Your Business: Business Email Compromise Fraud Targeting Construction Companies

A recent fraud scheme targeting construction companies and their vendors involves fraudsters using commercial databases to obtain business identifying information to conduct business email compromise (BEC) fraud.

Fraudsters have been using subscription-based commercial databases to acquire information on commercial construction projects across North America. The acquired database information includes specifics about tens of thousands of construction projects, including key contact information, project costs, bidder lists, plan holder lists, project specifications, and agendas.

BEC fraudsters use this information to register domains similar to legitimate construction company domains that have won job bids and are engaged in ongoing projects. The fraudsters then send an email to the victim company, which includes an attached direct deposit form and instructions to change previously submitted banking information. The new banking information is linked to an account controlled by the fraudster. The victim company then processes the banking information change, and any future invoice payments are made to the altered account.

The following recommendations are to help prevent BEC fraudulent activity from occurring:

  • Confirm requests for transfers of funds by using phone verification as part of a two-factor authentication, and verify/use previously known phone numbers.
  • Carefully scrutinize all email requests for transfer of funds.
  • Verify changes in vendor payment locations by adding additional two-factor authentication, such as having secondary sign-off by company personnel.
  • Color code correspondence emails from employee/internal accounts and non-employee/external accounts using distinct colors, or adjust settings on the email client to attach warning labels to emails originating from outside the organization.
  • Create an email rule to flag email communications where the “reply” email address is different from the “from” email address shown.
  • Create intrusion detection system (IDS) rules that flag emails containing extensions similar to the victim company (e.g., legitimate email is abc_company.com, the IDS rules would flag fraudulent emails for abc-company.com).

If you identify any suspicious or fraudulent transactions that involve your First Horizon Bank account, immediately call First Horizon Bank’s Client Services at 800-382-5465.

New Wire Fraud Scam Reroutes Payroll Direct Deposits

A recent article by CNBC.com details a current fraud scheme where fraudsters are targeting businesses’ Human Resources departments through email. The fraudsters impersonate senior executives and attempt to convince human resources personnel to change employee’s bank account and routing information in order to route employees’ paychecks to offshore accounts owned by the criminals.

Additionally, the fraudulent emails often go undetected because it defies many existing red flags for malicious communications. The emails are well-written, cordial, and lack misspellings and grammatical errors that would typically trigger email filters.

Focus your company’s efforts, which may include adjusting email filters to pick up common traits of this type of request and training employees in security best practices. Ask your company’s executives to avoid using their personal emails when sending messages. Companies that have been seen versions of this fraud scheme can report it the FBI’s IC3 tip line.

Protect Your Business: Fraud Targeting the Retail Industry with Claims of FBI Involvement

A recent fraud scheme targeting major US retailers involves fraudsters calling store employees demanding they withdraw the day’s cash sales for transfer to the fraudsters. Employees were instructed to violate defined company security protocols, particularly procedures applying to handling money.

The fraudsters claimed to be a senior representative from the retailer’s distribution center and employees were able to verify the caller’s name as a current employee through their internal company system or by searching the internet. The callers stated there was a FBI investigation into counterfeit money involving the particular store and employees were to withdrawal all of the cash deposits from the store safe and purchase Visa® gift cards and Green Dot® cards to get rid of the alleged counterfeit cash. The card information was provided to the fraudsters and the purchase receipts were placed into the store safes. In one variation of this scheme, the caller claimed to be from the company and was partnering with the FBI or another law enforcement agency on the investigation. The caller in another variation claimed to be an FBI Agent involved in an investigation against the company. The agent threatened the employee with obstruction of justice charges and arrest if they did not comply. In two of the incidents, the fraudsters sent confirmation emails to the store employees’ personal email addresses.

The victims all claimed the fraudsters had American accents. Additionally, spoofed email addresses and phone numbers were used and the requests were made just as stores were closing which contributed to the fraud scheme’s success.

The following indicators suggest activity indicative of criminal intent:

  • Threatening criminal prosecution
  • Requesting funds via Visa gift cards and Green Dot cards
  • Instructing to violate company security protocols
  • Instructing to commit criminal activity or actions against standard business operating procedures
  • Requesting the use of personal email addresses, phones, and communications instead of company devices for business purposes
  • Requesting employees come into the business, alone, just as the stores were closing for the day

Direct any requests and questions to your FBI Private Sector Coordinator at your local FBI Field Office: https://www.fbi.gov/contact-us/field-offices.

First Horizon Bank's monitoring of the Equifax data breach

First Horizon Bank is carefully monitoring the Equifax data breach and our customers’ accounts for suspicious activity. Customers can get more information from Equifax at https://www.equifaxsecurity2017.com/. We take our customers’ security seriously. Our security measures are well established and rigorously tested, and, as always, we encourage customers to safeguard their financial information.

Learn more about what you can do to protect yourself.

Beware of communication purporting to be from First Horizon Bank

A phishing scheme targeting First Horizon Bank is being sent through text messages. This scheme is an attempt to get the user to reset their security answers. This information is intercepted and used to take over the account.

If you receive a text message regarding this scheme, do not click on the link. If you have clicked on the link and provided sensitive information, we strongly encourage you to change your password and security questions immediately, using the actual First Horizon Bank website at www.firsthorizon.com or to call Client Services at (800) 382-5465.

Avoid credit card skimmers at gas pumps

Being able to use your debit card at the gas pump is convenient; however, be cautious of skimming devices embedded onto the card readers. These skimming devices are used to copy account data as well as PINs if used during the transaction. Once the information is captured, your card information can be used to make counterfeit cards to withdraw cash from your account at ATMs or make card purchases.

To minimize your chance of being compromised by debit and credit card skimmers at gas pumps, use the following tips:

  • If you see anything suspicious on the pump (e.g., damage to the card reader or a potential skimming device) do not use your card at the pump. Make your purchase inside the gas station and inform the clerk of the damage or your suspicions.
  • If you use a debit card, a way to protect your PIN is to select the “credit” option for the payment.
  • Monitor your bank and credit card accounts regularly. If you notice unauthorized charges or cash withdrawals, report them immediately.

If you need to report fraud on your credit or debit card, you can do so by contacting us at 800-382-5465. We are available to assist with card fraud 24 hours a day, 7 days a week.

Protecting seniors from financial exploitation

Elder fraud and financial exploitation is forecasted to become the fastest growing crime in the next 10 years. Sadly, the people exploiting older adults are often family members, caregivers, or other trusted individuals who are handling the financial affairs of a parent, relative, caretaker, or friend.

You can help protect seniors from fraud and exploitation by preventing the abuse and intervene early when the threat is from trusted persons handling financial affairs, fraudsters and theft by staff or intruders.

A variety of things you observe or detect may signal that a senior is a victim of fraud or financial exploitation. Here are a few of the many red flags you may see:

  • Senior, regardless of cognitive impairment, complains or reports that someone is misusing or stealing his/her money or property
  • Senior is unaware of transactions or missing funds
  • Senior is being encouraged to withdraw a large sum of money
  • Sudden transfer of assets or changes in a will
  • Unexplained names on a senior’s accounts
  • Senior lacks basics (e.g., underwear, deodorant) but personal needs account is depleted
  • Observing/hearing a senior being threatened by a family member, caregiver, or other trusted individual
  • Checks or other documents signed/dated when the senior is no longer able to write
  • Senior becomes secretive and suddenly starts hiding possessions or hoarding papers
  • Senior is agitated or distraught prior to or after a family member, caregiver, or other trusted individual visits
  • Senior is refused needed care and medical services in order to keep the senior’s assets available for the abuser
  • Senior who appears to lack decision-making capacity signs new power of attorney document

Your top priority should be early recognition, documentation, and reporting. If you feel a senior is being financially abused, report the situation to your nearest branch. All branches have an Elder Fraud and Financial Exploitation brochure available for additional resources and information.

You can also visit https://ncea.acl.gov/ or http://www.consumerfinance.gov/ for additional information regarding prevention, documentation, reporting and “scam alerts”.

Fraudulent salary review scheme

Please be aware of a scheme involving fraudulent e-mails sent to a company’s tax reporting employee(s) purporting to be from the company’s CEO requesting that a “salary review” be conducted on 2015 W-2s.

These e-mail requests have been determined to be fraudulent and should be deleted. Some companies have already provided Social Security numbers of their employees, which would then be used by cyber thieves for identity theft.

Tips to protect your personal data

With the heightened attention regarding the theft of personal data, we remind our customers to be aware of fraudulent correspondence. Do not provide any sensitive personal information requested through email, text or phone call. Here are some tips we recommend to protect your identity:

  1. Be alert to any unexpected email, calls, instant message, voicemail, or text that claims to be from a bank, credit card, or online company with whom you have an account. In the event that you do receive such a message, it is a good idea to first call the client services number on your bank, credit card, or online statement (but not any number listed in the message) and verify whether the message is legitimate.
  2. Do not respond to any email, phone, text, or fax instructions that prompt you to divulge your personal information.
  3. Do not click on links in a suspicious email or text.

Payday loan scheme

Be aware of a recent payday loan scheme that involves operators fraudulently soliciting money from consumers. The operators of this payday loan fraud scheme are using threatening tactics (e.g., lawsuits, asset seizure, arrest) to force consumers into immediately paying debt on loans they never authorized or paid off several years ago. Those perpetrating this scam have obtained identifying information about consumers (e.g., Social Security numbers, addresses, banking information) and will use this in order to appear as a legitimate collection agency.

Numerous consumers also reported their place of employment has been contacted in an attempt to collect “past due” funds.

To avoid becoming a victim or if you believe you are a victim of this scheme, follow these tips:

  • If you are unsure whether you are delinquent on a payday loan, contact your lender directly using your loan paperwork to find a legitimate contact number.
  • If your place of employment has been contacted and you know you have a loan that you paid in full, inform them you believe you are a victim of a fraud scheme.
  • Never provide personal information to a third party unless you initiated the contact.
  • If you receive a phone call regarding this scam, or have fallen victim, contact local law enforcement and file a complaint with the Federal Trade Commission at www.ftc.gov or the Consumer Financial Protection Bureau at www.consumerfinance.gov.
  • If you believe someone stole your personal information and used it to obtain a fraudulent loan, contact Client Services at 800-382-5465, contact the credit bureau and visit www.identitytheft.gov for tips on what you can do to protect your identity.

ACH Fraud

ACH (Automated Clearing House) is used to process direct deposits, checks, bill payments and cash transfers between businesses and individuals. It can also be a popular way for fraudsters to steal money from unsuspecting consumers. ACH fraud is a scheme that is expected to continue to trend upwards.

To avoid becoming a victim, follow these tips:

  • Never give out any personal information to a third party unless you initiated the contact
  • Monitor your accounts and statements thoroughly, ensuring that all account activity is yours and correct
  • Always log off from online banking sessions
  • Never click on links or open attachments sent from an un-trusted email
  • Store new and cancelled checks in a safe place
  • Use a secure connection when paying online – look for “https” and a green security lock in the address bar of your browser

If you believe you are a victim of ACH fraud, contact Client Services at 800-382-5465.

Important notice: beware of social engineering schemes

Recently there has been an increase in fraud schemes where customers are being contacted by phone or email to obtain personal information, such as account information (account numbers) and/or identifying information (e.g., social security number, date of birth). Some tactics used include advising you that there is a problem or missing information related to your account and additional information is needed to correct the issue. In some cases, threatening tactics may be used (e.g., criminal pursuit, collection agency referral) to obtain this information. To avoid becoming a victim, follow these tips:

  • Do not provide any personal information to an unsolicited caller.
  • Never respond to a phone call or voicemail asking you to verify account information or reactivate a service.
  • Never provide personal or account information over the phone or via email/text, even if it appears legitimate. Contact the organization directly using information listed on their website or other trusted source.

We have the necessary information to conduct business with you and we would not ask you to supply your full account number or card number during a phone call.

If you have received a phone call purporting to be from us and believe you are a victim of fraud or notice suspicious activity on your account, contact Client Services at 800-382-5465.

How to avoid a card cracking scam

Card cracking is a form of fraud where consumers respond to an online solicitation for "easy money" and provide a debit card for withdrawal of fake check deposits. Click here to learn more.

Beware new social media fraud scheme

In a recent social media scheme (primarily Facebook), users are being enticed into opening new accounts or using their existing accounts in exchange for merchandise or “fast cash.” The proposal is typically made via a post with pictures of cash or other items encouraging anyone interested to comment for more information. The accounts are ultimately used to conduct transactions involving the deposit of fraudulent checks and subsequent fraudulent card purchases/ATM withdrawals.

Consumers should be aware that participation in this type of scheme is illegal and that you may be held responsible for purchases or cash withdrawals made from the proceeds of a fraudulent check deposit. Such activity could result in account closure and possible criminal prosecution.

If you have any questions or see any posts like this on Facebook or other social media sites, please contact Corporate Security at 901-523-5336.

Beware of unsolicited offers

If you receive an unsolicited offer that promises you something in exchange for money or account information, you should not respond unless you are sure the offer is legitimate. Common scenarios include offers that require an upfront fee, requests to wire funds, a notice that you won a lottery/contest, or a person on a social website who asks for money (e.g., travel money to meet you, emergency cash, medical bills, etc.).

If you receive an offer or request and are unsure if it is legitimate, contact Client Services at 800-382-5465. Remember, if it sounds too good to be true, it probably is.

If your business accepts wires, beware

If your business accepts wires and/or sends outgoing wires to or on behalf of customers, beware of a scheme in which hackers can take over a legitimate email address and initiate fraudulent wire requests. (See article "Important Notice: Beware of Recent Email Scheme" below.)

Ensure that your business has procedures in place to verify any wire that is received via email or fax. For example, calling your customer directly using a phone number on file before proceeding with a wire can determine if the customer actually sent the request.

If you become aware that your customer's email has been compromised, advise the customer to contact their email and virus software providers, as their password/account information could have been compromised by a third party.

Important notice: beware of recent email scheme

The First Horizon Family of Companies takes your account security very seriously. Sometimes fraudsters have the ability to take over a customer's email accounts and send requests to bank employees asking for wire transfers or account information. Please be assured that we will never disclose your personal account information or initiate a wire transfer via e-mail.

There are steps you can take to help protect yourself against this scheme, such as:

  • Do not provide confidential information via email (i.e., account number, balances, Social Security number, PINs, etc.). If you must provide an account number, use only the last 4-6 digits.
  • Note that we already have the information necessary to do business with you; you will not be asked to supply personal information via email
  • Whenever possible, discuss sensitive banking information via telephone or in person
  • Use a strong password on your email account
  • Make sure your computer is free of malware
  • Ensure your anti-virus software is up-to-date

If you become aware of sensitive information that has been compromised through your email, contact your email and virus software providers, as your password/account information could have been compromised by a third party.

Need more info?

Email Us
800-382-5465
Find a Location
Visit our Learning Center