Suspicious Activity: How to Detect and Report It

Share to Facebook
Share to LinkedIn
Share to Twitter
Share to Email
Share to Pinterest
Share to Email

Identity theft is on the rise. Each year, millions of Americans are affected by identity theft. And when the deed is done, their bank accounts are typically left with tumbleweeds.

In 2022 alone, $20 billion was stolen though identity fraud.

With more than 1,800 data breaches in 2022, cybercriminals seem to be getting more effective at reaching their goal. However, our increasingly digital world requires that we move toward more digital finance. It’s a classic catch-22 situation.

Shrinking from the reality of modern banking by keeping your cash in a coffee can under the bed isn't the answer.

Instead, you can take steps to protect your information. Keep reading to find out how to spot suspicious financial activity before it turns you into a victim.

Identifying Suspicious Activity: What to Look For

The best way to avoid a scam is to spot it before it strikes your bank account. Although countless scammers will try to worm their way into your accounts, you can stop their endeavors by skillfully detecting suspicious activity.

Internet Fraud

The internet is a playground for scammers that want to steal your hard-earned money. Here are some common ways that scammers operate: 


Payment apps can be useful tools to move money quickly. Splitting a meal with a friend or sending money to your roommate for rent is much easier with payment apps such as PayPal, Zelle, CashApp, and Venmo.

However, with the rise of this convenient method of payment has come a new scam tactic. Scammers can steal thousands of dollars through these apps within just a few minutes. Unfortunately, it's not guaranteed that you'll be reimbursed for your loss.

There are a few different ways for a scammer to take advantage of payment apps:

  • Unauthorized fund transfers. A thief can use your stolen information to transfer money out of your bank account through a payment app.

    How do they do this? It can be done through a data breach, skimming, or even a low tech way – asking to “borrow” your phone in an emergency to “phone a friend” when they're actually accessing your payment apps.

  • Seller scams. If you're buying an item through a peer-to-peer marketplace, then it pays to be cautious. A thief can pose as the seller of an amazing item at a great price, like concert tickets at less than face value.

    Of course, it's tempting to buy the item but you should proceed with caution. Try to have your item in hand before you send over the money. Otherwise, you may never receive your item after sending over the money.

  • Buyer scams. As the seller of a good, you should be equally wary of payment apps. Even if the money appears in the balance of your payment app, you're not necessarily in the clear.

    The money may seem to be in your account but it's only on the assumption that the payment made will be processed soon. The thief can dispute the charge later to create a “chargeback” which will leave you without the payment.

One effective way to prevent both buyer and seller scams is to suggest meeting at the parking lot of your local police station. Typically, this helps to deter would-be scammers from picking you as a target.

To ensure unauthorized transactions aren’t occurring, check your bank accounts often. With the Axos app, you can monitor transactions from accounts at any bank thanks to our Personal Finance Manager tool, which allows you to link your accounts.


Account takeover fraud is as simple as it sounds  the hacker literally takes over your account. Using your information, they can drain bank accounts or make obscenely large purchases with your credit card.

There are many ways for scammers to get your account information. Here are a few of the more common methods:

  • Data Breaches. You've likely heard about data breaches in the news. When a data breach occurs, it opens up your private information to scammers. They can then infiltrate your accounts and impersonate you to steal your money.
  • Card skimmers. Some scammers will steal your information through a card skimmer. These little devices are placed where shoppers insert a credit or debit card during a transaction.

    You can spot a skimmer by checking to see that the card reader does not wiggle or by checking the integrity of the security seal. Gas pumps closest to the store or cashier are often less easily fitted with a card skimmer.

  • Trash. If you throw away financial statements, any thief can steal this information out of your trash. The best way to avoid this is by shredding all documents with important information.
  • Changed mailing address. When you move to a new place, it's easy to forget to change your mailing address. If bills and bank statements still go to your old address, then you're vulnerable to fraud.
  • Point of sale. Anytime you purchase something in-person or over the phone, the employee handling your credit or debit card has an opportunity to steal your information. They simply need to scan the card or write the information down as they process your purchase.

Phishing, Vishing, and Smishing

Phishing, vishing, and smishing are different kinds of attempts to steal your personal information. Luckily, some of these attempts can be easy to stop if you know what you're looking for.


Phishing emails are an attempt to obtain your personal information. The fraudster will send you an email with a sense of urgency to prompt you into taking the bait. Here are some things that can help you spot fake emails.

  • Do you know the sender? If you don't recognize the sender, then don't click links or download attachments.
  • Does the email sound suspicious? Even if you recognize the sender, ask yourself if this email is the type of message you'd usually receive from them. If not, call or text the person to find out if the email is legit before clicking any links or downloading attachments.
  • Does it request personal information? If the email outright requests personal information, then you can easily classify it as a phishing attempt.
  • Is there an attachment? If there's an attachment that you didn't expect in the email, confirm its content with the sender before opening it.
  • Are the links legit? When you hover over the links within the email, do they take you to the correct place? If not, it's likely spam. You can head to the link that you know is correct directly through your browser to check out the potential request.

    For example, if “your bank” emails you about an account problem, you can go to the URL that you know is correct to find out more.

  • Are there grammatical errors? If there are overt grammatical errors or typos, then proceed cautiously.


Vishing is another attempt to obtain personal information. In this scenario, a scammer will contact you over the phone to solicit your sensitive details.

Over the phone, scammers will rely on social pressure to trick you into giving away your information. Luckily, a vishing attempt is easy to combat if you know what to look for.

If “your bank” calls to confirm personal information, immediately hang up – even if they’re calling from a seemingly valid number and reason. A financial institution will never call you to confirm your personal information without cause.

You can always call your bank back at a number you know is legitimate to validate the request.


Smishing is very similar to phishing and vishing, with the attack happening through a SMS (text) message. When you're the target of a smishing scam, the text usually contains a link or phone number with instructions to act immediately.

To stop a smishing attack, don't click on links from unknown phone numbers. Your best response is to delete the text.

How to Report Suspicious Activity

If you detect that you're the target of suspicious financial activity, it’s important that you take the time to fight back.

First, call your bank immediately. Your bank should be able to help you identify the issue and work through any consequences of this activity. Hopefully, your bank also has protections in place to safeguard against these attacks.

Next, report the attack to a regulatory agency. If this attack is part of a coordinated criminal campaign, the public has a right to know about it. You can lodge your complaints here:

  • Internet Crime Complaints Center: The IC3 will process your complaint and work with the appropriate law enforcement agencies for investigation and public awareness.
  • If you suspect the suspicious activity is part of an international scam, will take the appropriate action to inform consumer protection agencies across the globe.
  • Federal Trade Commission: You can report a wide range of criminal activity here. While the FTC will not be able to resolve the complaint, they can outline the next steps that you should take.
  • Department of Justice: If you aren’t sure where to report the attack, then work with the Department of Justice to find the best avenue.

Broaden Your Financial Fraud Knowledge

The more you know, the easier it is to detect and stop suspicious activity. Here are some common questions about detecting and reporting financial fraud.

Where should I report a financial crime?

Call your bank immediately and then report the activity to your local authorities as well as related regulatory agencies. Your local law enforcement agency and your bank can provide guidance on which agencies to contact.

Do banks investigate fraud?

Yes, banks are required to investigate fraud claims and try to remedy them. The Consumer Financial Protection Bureau has an excellent article detailing how banks and credit unions investigate fraud.

What is identity theft?

Identity theft is the unauthorized use of a consumer’s private information. This includes accessing someone’s bank account without permission, using someone else’s credit cards to make fraudulent charges, and stealing someone’s Social Security number to falsify documents. Essentially, it’s accessing and using stolen financial information.

What should I do if my debit or credit card is stolen?

Report the theft or loss to your bank right away by calling or sending a secure message. You should also review your accounts for any unauthorized activity.

What should I do if I click on a phishing link?

No need to panic! Make sure that you don’t enter any personal information after following the link. You should close your browser and all tabs, ensure that nothing was downloaded, and change the password to sensitive accounts.

Key Takeaways

While there is a trend of increasing suspicious activity and data breaches, the good news is that you’re not helpless. Protect yourself by staying informed and taking appropriate action as soon as possible to avoid a painful and expensive experience.

Axos takes your security very seriously and uses state-of-the-art encryption technologies and industry-leading security practices to keep your information safe. Our Security Center provides details on how we protect accounts and provides additional tips on how to stay safe.

Suspicious Activity: How to Detect and Report It

This blog post was published by Axos Bank on August 28, 2019 and last updated on October 4, 2023.

Get Axos Digest
Sign up to receive insightful content every two weeks.