Fraudsters Set Their Sights on Financial Firms

Solutions that help protect your business and customers from fraud

Imposter scams and call spoofing are exploding and often involve the phone channel. Advances in AI, deepfake technologies and large language models are making it even more tricky for consumers to tell the difference between real and fake phone calls. But call spoofing, data breaches and imposter scams don’t just impact consumers, they also affect businesses — especially financial institutions.

Because consumers are particularly wary when it comes to discussing their finances, it’s no surprise they prefer to use the phone when communicating with banks, credit unions and other financial service institutions.

The more personal information scammers can get, the easier it is to build a believable scenario to defraud consumers through call spoofing. 

Subscriber losses to fraudulent robocalling were expected to exceed $76 billion globally in 2025, rising from $64 billion in 2023. (Juniper Research)

According to the 2025 Annual Data Breach Report, the number of data compromises in 2025 (3,322) increased by 5% compared to 2024 (3,152) — up 4% from the previous all-time high and a 79% jump over five years. The report notes: 88% of people who received a data breach notice experienced at least one negative consequence after a breach, including increases in: “phishing” or scam attempts (40%), spam emails or robocalls (49%) and attempted takeovers of existing accounts (40%).

Consumers have few options to protect themselves, so the burden rests largely on financial institutions to implement technologies and solutions to address this rapidly growing issue.

For more details, download the eBook: Fraudsters Set Their Sights on Financial Firms

What’s call spoofing and why is it critical to perpetrating fraud?

Call spoofing occurs when a caller intentionally falsifies the phone number and caller ID information transmitted by phone. It’s often used in imposter scams to make calls to consumers look legitimate — commonly appearing as a financial institution or other trusted business partner — to steal money or personal information.

While bad actors are tapping into many channels to commit fraud, the phone is often seen as the tipping point for consumers who feel reassured enough by a human (or deepfake) voice to click on a text or email link or share a one-time passcode.

According to the FTC, imposter scams were the most frequently reported fraud, and have been since 2020. Consumers filed more than 1 million reports about imposter scams, with losses amounting to over $3.5 billion.

The phone remains an incredibly popular communication channel

Even with a clear understanding of the risks, consumers still prefer a personal experience for high-value, private exchanges of information — and the phone remains the channel of choice. Enterprises agree, ranking the phone as one of their top strategic tools for improving the  customer experience.

But today’s consumers want stronger protection against unwanted calls and fraud, along with a way to trust phone calls again so they can safely answer calls that matter, including those from financial institutions, schools, healthcare organizations and more. They want to know for sure when to pick up.

As for businesses, they’re struggling to protect their brands and revenue from fraudulent activity.

Financial fraud continues to evolve rapidly

Spoofed calls erode trust, drive up costs and increase regulatory risks for finance firms. Sixty-three percent of decision-makers in a 2025 Forrester Consulting study — commissioned by TransUnion — rated call spoofing among their top five challenges in outbound voice and the second most common hypothesis as to why existing customers are not answering calls.

The impact is far-reaching:

• 81% reported a surge in customer service inquiries — driving up costs
• 72% saw declining customer trust, hurting retention
• 65% experienced decreased effectiveness of communication campaigns

Download the infographic here.

In 2025, the financial services industry was the most breached industry — followed by healthcare. Smaller banks and credit unions are especially at risk because they lack the data, operational resources, solutions and technologies larger institutions have in place to prevent fraud. In addition, smaller financial institutions depend on a more personalized approach with customers and rely heavily on the phone channel for providing customer service.

Plus, bad actors often leverage call spoofing to masquerade as bank employees as part of a multichannel approach to commit fraud. Paired with convincing social engineering schemes designed to fool targets into thinking their bank accounts have been hacked, fraudsters trick their victims into providing sensitive account information or wiring money through bank payment apps like Zelle or Venmo.

Things are getting even more challenging with increasing use of AI technology like voice deepfakes. These scams and other types of phone fraud not only erode consumer trust, they also harm a business’s reputation. According to the TransUnion Q4 2025 Consumer Pulse Study, 42% reported they were targeted with an email, online, phone call or text messaging fraud scheme but didn’t fall victim (a three-percentage-point increase from Q4 2024) — while another 7% said they were targeted and fell victim (down from 9% a year ago).

More than half of consumers left open to fraud following data breach notifications

Almost a third (30%) of Americans said they were notified details about their identities and/or online accounts were stolen in a data breach in the last three months. In response, less than half (46%) said they checked the affected account for unauthorized activity and just 41% changed the password on the affected account. Around one-third took steps to protect themselves by changing passwords on unaffected accounts (34%) and checking their credit reports for unauthorized trades like credit cards, auto loans and personal loans (36%). Data breaches give fraudsters another opening to target consumers when it comes to call spoofing and impersonating people to try to get personal information to commit fraud.

How exactly do spoofed calls happen?

Businesses, particularly financial institutions, are reporting fraudsters often jumpstart scams by obtaining a consumer’s name, phone number and address through social engineering schemes like phishing attacks or a data breach. That data often ends up on the dark web.

25% of legitimate outbound calls are mistaken as spam (Source: TransUnion internal statistics)

The bad actor then spoofs the phone number of a financial institution and calls the customer, posing as a representative of that organization.

Due to the highly personal nature of a human voice on the phone, and the fact fraudsters have become very good at creating convincing stories, consumers frequently believe they’re speaking with an individual they can trust. The fraudster often follows up by sending their target a fake SMS link to seal the deal.

The limitations of call analytics

Although industry initiatives like STIR/SHAKEN call authentication have helped curtail call spoofing, it’s insufficient for some key use cases. In these instances, mobile operators can’t easily differentiate between legitimate and spoofed calls, allowing some fraudulent calls to get through. Furthermore, many legitimate calls from businesses are being blocked or mislabeled as spam — so customers don’t pick up.

Solutions that help curtail call spoofing

There are numerous measures financial institutions can take to reduce call spoofing, including the implementation of Transunion Spoofed Call Protection (SCP). SCP empowers organizations to digitally ‘sign’ their own calls so they can distinguish between legitimate and spoofed calls and apply proper call treatment. This puts call authentication in the hands of the business — which is clearly vested in protecting itself and its customers from spoofed calls and the financial damage they can inflict.

When a financial institution signs its own calls using SCP, it’s ensuring full, end-to-end call authentication — and stopping spoofed calls before they even reach the consumer. 

SCP differs from other solutions in that it doesn’t label legitimate calls as ‘Fraudulent’ — which often prompts users to block all future calls from that number (including legitimate calls from the business). Instead, it gives the mobile operator the intelligence it needs to confidently block spoofed calls. As a result, only legitimate calls get through to consumers.

Download the eBook to find out how Spoofed Call Protection (SCP) can help you protect your customers — and your brand — from call spoofing and fraud.