Commercial Insights
Infographic  >   Fraud and Risk Management

Will Your Organization Make the Fraud 'Naughty or Nice' List?

Oct 07, 2025

Phishing is a social engineering scam where fraudsters use texts or emails that seem to be from legitimate sources to request personal, financial and/or login credentials with which to access accounts or demand payments. Phone calls (“vishing”) are also common in this type of fraud.

The holidays are an especially busy time for corporations and consumers, but also for criminals.

  • Fraud attacks increase 15-30% versus the rest of the year.1
  • Account takeover attacks increased 56% during Q4 2024.2
  • Fake merchant sites and other AI-driven scams soared 284% last year.3

Does your staff how to recognize and prevent fraud — and stay off the “naughty” list?

Infographic describing Will Your Organization Make the Fraud “Naughty or Nice” List. A full description is available through a link beneath the image.

You receive a call from a number you don’t recognize.

This tactic is “vishing.” If you don’t recognize a number in caller ID, don’t answer. If you answer and the caller asks about your account, but you are unsure of the caller’s identity, don’t disclose personal information. Hang up and contact your financial institution immediately via an established phone number.


You receive an “urgent” vendor request for payment with a link to enter details, but the email address doesn’t match the one on file.

Don’t click on the link, which may contain malware. Call the vendor to confirm they sent the    request. If they didn’t, send the email to your IT as a “phishing attempt,” if applicable.


A representative from your financial institution calls to ask about “suspicious” charges on your account. He then asks you to provide your account login for further investigation.

Hang up. This is also vishing. Your financial institution will never call, email or text you to ask for   personal information. Use an established phone number to contact your financial institution directly to report the incident.


The accounts payable director for your organization is at a conference. You receive an urgent voice mail in which she asks you to wire $1k to cover additional costs for the company’s exhibit at the conference.  

This could be a deepfake. Don’t wire the money and don’t call the number provided in the voice mail. Instead, verify the request through an established contact method and follow your company's payments and security procedures.


You receive a personal email, with a link, to receive a discount on a product you’ve been browsing on their site.

This is also phishing. Don’t click the link. To ensure you’re not engaging with a fake website, type the company’s known address into the browser yourself. Look for a site seal that verifies its authenticity. Check the site’s security information for TSL/SSL certificates. The organization validation (OV) and extended validation (EV) certificates ensure the business is registered and/or has the highest level of authentication.

If you receive phone calls or emails with requests of this type, hang up and don’t click links. Immediately contact your financial institution directly. Synovus clients can call bankers directly or 888-SYNOVUS (796-6887) to verify the authenticity of incoming calls or other attempted contacts.


Want to avoid the naughty list?

For more information on how to prevent phishing, spoofing and other business fraud, complete a short form and a Synovus Treasury & Payment Solutions Consultant will contact you with more details. You can also stop by one of our local branches.

Related

Fraud and Risk Management

How Quick Service Restaurants Can Prevent Fraud and Protect Profits in 2025
Restaurant fraud is rising fast. Learn practical strategies that help quick service restaurants prevent account takeover fraud and reduce chargebacks.
Read the article
Article 8 mins

Fraud and Risk Management

Guide to Cybersecurity Insurance: Why Your Organization Needs It
Fraud is a universal problem. The average single data breach cost $4.48 million in 2024. Cybersecurity insurance and fraud insurance are smart investments.
Read the article
Article 9 mins

Fraud and Risk Management

How Corporations Can Combat Generative AI-Driven Fraud
AI scams cost companies and consumers billions of dollars each year. Fraudsters are stepping up fraud attacks with generative AI to create believable communications with intended victims. Know the signs and how to protect your organization.
Read the article
Article 7 mins
Recent

Important disclosure information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Sift, “New 2024 Data Available in Sift’s Fraud Industry Benchmarking Resource (FIBR),” February 6, 2025 Back
  2. Ibid Back
  3. Forter, “The Fraud Fighter’s 2024 Holiday Checklist,” July 18, 2024 Back