First Financial Bank will NEVER, under any circumstances, ask clients to provide full credit card numbers, login credentials, or verification codes. Social engineering scams are on the rise — learn more below. If you receive any messages or calls from someone claiming to be a representative of First Financial Bank, or if you suspect fraudulent activity, please hang up and call us at 866.604.7946.

Commercial fraud and online safety resource center

If you suspect you've been targeted by fraud, call the First Financial Bank Business Support Center (BSC) at 866.604.7946.

Fraud leads to lost time, profit, and productivity. The best defense against fraud is preparedness. First Financial Bank monitors the latest fraud trends and tactics scammers use so you can keep your organization safe.

Stay alert: fraud trends

Social engineering is when scammers pose as someone you would trust in order to access personal information or account credentials. This can occur several ways, but the most recent trends are:

  • You receive a call or text message from someone claiming to be with your bank's fraud department investigating a suspicious transaction, often a wire due to the large sum and time-sensitive nature.
  • The scammer will ask for sensitive information in order to "verify your identity" — information like your username and password, or for a one-time verification code sent to your phone.
  • Sometimes, they will even text you a link and ask you to log in using that link. The link may send you to a webpage that looks like your bank's, but it is a fake website that will store your information and give the scammers access to your accounts.

Protect Your Login Credentials

  • Never share your username, password, PIN, or one-time security code with anyone, including a bank employee.
  • Our staff will never ask for your full login credentials by phone, email, text message, or in person.
  • If you receive any request for this information, even if the caller or sender claims to be a First Financial Bank employee—DO NOT COMPLY.

Recognize Fraud Threats

  • DO NOT comply with requests for sensitive information through unsolicited phone calls, emails, social media messages, or text messages.
  • DO NOT click on unsolicited and suspicious links, open unexpected attachments, or requests to download any software. If in doubt, contact your trusted First Financial Bank contact or our Business Support Center directly using a known or official phone number.

Phishing attacks take many shapes, but they all start the same general way. You’ll receive an email or a text that looks like it is from someone you know or don’t know asking you to click a link. How phishing works:

  • You get an email or text from someone you know (or don’t know) asking you to click on a link, provide banking information, a password, or other sensitive information.
  • The message looks authentic and can convey a sense of urgency.
  • After clicking the link, you may be asked to provide confidential information such as banking information, a password, or other content.
  • It's also possible that the link was infected and installed malware (malicious software) on your device without your knowledge. The malware will record your sensitive information whenever you use the device in your daily activity.
  • The malware can infect not only the device of the person who clicked the infected link, but can infect entire systems and networks.

Protect your organization by ensuring your employees know:

  • Never click an unsolicited link or share sensitive information over email or text.
  • If you are suspicious of an email or text, double check the sender’s email address or phone number and compare it to the trusted contact information you have on file.
  • Contact the group or individual that sent the email or text directly by using the contact information you already have on file and validate the request. 
  • Rest assured that requesting validation of suspicious or unexpected requests is standard risk mitigation practice.

Artificial intelligence tools are more advanced than ever before. These tools make it easier for criminals to deceive their targets and broaden their reach businesses of all sizes. Here’s what to watch out for:

  • Suspicious images, videos, or voice calls impersonating executives, managers, or other people you are working with.
  • Artificially generated invoices, contracts, or bank fraud alerts aimed to capture sensitive information.
  • Sophisticated fake websites pretending to be from services or banks your organization has a relationship with.

Protect your organization:

Artificial intelligence tools are more advanced than ever before. These tools make it easier for criminals to deceive their targets and broaden their reach businesses of all sizes. Here’s what to watch out for:

  • Establish secret phrases to confirm the identity of the person and the validity of their request.Artificially generated invoices, contracts, or bank fraud alerts aimed to capture sensitive information.
  • Adopt dual controls so that no one individual can perform a request for scammers.
  • Validate all requests for payment or passwords with the person who made the request by contacting them directly by using information you already have on file.

Payment fraud is when criminals use stolen or false information to gain access to funds and accounts or to make unauthorized payments. The most common forms of payment fraud are:

Check fraud

Surprisingly, 92% of organizations continue to use checks to pay their vendors.2 Checks present a few unique security challenges that organizations should be aware of. Some of the most common forms of check fraud are:

  • Check washing, which refers to the process of stealing a check, erasing the ink, and either writing a higher value to a different recipient or duplicating and selling the blank checks. Protect your organization by writing checks with permanent ink, retrieving your mail frequently, dropping mail directly inside your post office, and using electronic forms of payment instead.
  • Counterfeit checks, which can be created when someone gains access to your routing and account number and accesses your funds without your consent.
  • Mail theft, which can allow criminals access to account numbers or other personal information that can then grant them unauthorized access to accounts and funds.
  • Deposit theft, which occurs when criminals take a legitimate check and deposit it into a bogus business. Wire fraud and cash-back scams:

Business Email Compromise:

Scammers have sophisticated methods of impersonating known businesses and individuals via email. These methods are used to request payment, either to false accounts or through links to fraudulent websites that will install malware and give the criminals access to sensitive information. 

  • Don't use email as payment instruction. Always verify payment requests by calling a trusted number, setting up security phrases, and setting up dual control for payment initiation.  

The 2026 fraud best practices checklist

An average of 80% of organizations are victims of payments fraud attacks every year.1 We've put together a monthly breakdown of tips and strategies to help your organization be proactive about fraud prevention. Here's a preview:

  • Conduct an annual review of accounts, access, and systems.
  • Update antivirus software, firewalls, and browsers, and disable unnecessary plugins or cloud access.
  • Assess your payment policy.
Download checklist

Information hub

It’s not if, but when: Real-world fraud attacks and how to prepare

Learn from real-life scams we've helped our clients navigate.

4 Tips to Protect your Business from Fraud: Keeping Your Business Safe

Strategies for Your Business to Combat Financial Fraud and Enhance Security

5 Critical Fraud Focus Points to Safeguard Your Business

View all articles

Fraud mitigation services

Positive Pay Services

Combat and safeguard your assets from ACH and check fraud. Review suspicious transactions and perform daily reconciliation with ease, knowing you've implemented another level of protection.

  • Check Positive Pay automatically reports any checks used for payment that do not match your daily uploaded check issue file so that you can approve or return.
  • ACH Positive Pay protects you by alerting you to debits that break pre-set parameters so that you can return unauthorized transactions.
  • Reverse Check Positive Pay provides an online list of all checks presented for payment for your verification.

Enhanced Security Controls

Layer our enhanced security controls to manage against cyber threats and vulnerabilities.

  • Increase oversight and reduce errors with added protections like dual payment approvals, dual administrators, and multi-factor authentication.
  • Customize administrative capabilities for different roles or personnel in your organization with access controls and limit controls.

As a bank we deliver services that are proven to help combat fraud and mitigate loss. Learn more, and ask your banker what makes sense for your organization.

Risk management tools

1 "2025 AFP Payments Fraud and Control Survey Report;" Association for Financial Professionals. https://www.afponline.org/training-resources/resources/survey-research-economic-data/details/payments-fraud.

2 "Making the Switch: Moving from Checks to Digital Payments;" Association for Financial Professionals. https://www.afponline.org/training-resources/resources/articles/Details/making-the-switch-moving-from-checks-to-digital-payments.