Companies and individuals are using authorized push payments (APPs) to make and accept payments faster than ever before. But with the rise of this capability comes a greater opportunity for cybercriminals to con people out of thousands of dollars that are later deemed irrevocable. In fact, about 41% of businesses reportedly encountered APP fraud in 2020 – a statistic that continues to rise as more people adopt this method of payment. It’s important to understand what APPs are and how cybercriminal try to trick you into making these fraud payments.


What Are APPs?

Authorized push payments are digital payments that are authorized by the users and then “pushed” from their account to the recipient. The speed at which these payments are done attracts cybercriminals to manipulate the senders into authorizing payments into these fake accounts and extract the funds immediately. This makes it difficult for banks and financial institutions to reclaim funds since the authorization was initiated directly by the person or the company.


How Does APP Fraud Work?

Cybercriminals use social engineering techniques to gather information and impersonate a person or company in making a “legitimate” request. Whether it be a contractor you’re working with, or the CEO of the company, cybercriminals will do whatever it takes to pose as these individuals and get you to respond to item like fake invoices or requests of banking information.

The key signs to watch out for are:

·        Money transfer requests (invoices, paying indifferent currency, etc.)

·        Urgent confidential requests without consultation

·        Requests of changes to a person’s or company’s profile information

·        Requests of changes to documentation or other important contracts


Ways to Prevent APP Fraud

  • Verify the Request: Make sure the person or company sending you the request is legitimate. Avoid falling for any tricks that you may notice in the request. Don’t authorize any payment unless you are made absolutely sure the recipient is authentic to who they say they are.
  • Establish Dual Controls: Your company may already have this in place. For individuals, confer with a trusted friend or advisor to verify the identity of the sender.
  • Keep Up with Current Fraud Scams: Know what cybercriminals are doing and stay updated on fraud scams occurring in your area.
  • Contact Your Financial Institution: Reach out if you are uncertain about the email. Your financial institution will more than likely know about the fraud and help you through authenticating the message.
  • Report Fraud: If you are certain this case is fraudulent, contact your financial institution or submit a report to


Contact us at 1-877-FSB-1879 for any concerns on fraud scams you may have encountered.  

This blog is intended to be an informational resource for readers. The views expressed on this blog are those of the bloggers, and not necessarily those of FSB. This blog does not provide legal, financial, accounting or tax advice. The content on this blog is "as is" and carries no warranties. FSB does not warrant or guarantee the accuracy, reliability, and completeness of the content on this blog.