Privacy and Security

Scams Target PPP Loan Recipients and Treasury Management Customers

We are aware of a sophisticated and rapidly evolving scam actively targeting two groups of HomeTrust customers:

  • Former Paycheck Protection Program (PPP) loan recipients, and;
  • Treasury Management customers using Commercial Center.

Fraudsters are exploiting publicly available PPP loan data released by the U.S. Small Business Administration (SBA) and impersonating banks, law enforcement, and government agencies to deceive customers into sharing sensitive banking information. These scams are highly convincing, often involve multiple communication channels, and may use highly accurate loan or business details to appear legitimate.

HomeTrust Bank and other financial institutions in the Carolinas are seeing a rise in these attacks. Cases involve calls from Florida phone numbers and attempts to intercept One-Time Passcodes (OTPs) used for digital banking authentication.

What’s happening:

Scammers are targeting PPP loan recipients and business banking customers using publicly available SBA loan data. They impersonate HomeTrust Bank employees, the SBA, or law enforcement to steal login credentials and one-time passcodes.

Why it’s working:

Fraudsters have your business name, loan details, and bank info from public records—making their calls sound legitimate.

What they want:

Access to your Commercial Center account to initiate unauthorized wires, manipulate ACH files, or redirect payroll.

Key red flags:

  • Calls from a Florida number or a spoofed number which appears to be HomeTrust Bank.
  • Caller asks for one-time passcodes or passwords.
  • Claims urgent payment/fraud issue needs immediate action.
  • Tells you to “stay out of your account” while they fix something.
  • Claims a warrant has been issued or immediate payment is required to avoid arrest.
  • References specific PPP loan details you didn’t share.
  • Unexpected letters mailed to your business instructing you to call a phone number about urgent account or digital banking issues.

What to do:

  • Hang up and call our Customer Care Center at 800.627.1632 or contact your Relationship Manager.
  • Never share OTPs, passwords, or device codes. HomeTrust Bank will never ask you for a one-time passcode, password, or device authentication code under any circumstances.
  • Enable dual control for wires and ACH transactions.
  • Set up alerts for new device enrollments and password changes.

Suspect you have been targeted in this scam?

If you believe you’ve been targeted by this scam—or if you’ve already shared a passcode, password, or other login information—contact us immediately. Quick reporting significantly increases our ability to prevent fraud on your accounts. Complete this form to connect with our fraud support team, or call your relationship manager directly. Your security is our top priority, and we’re here to help you protect your business.

You can also call our Customer Care Center at:

Phone: 800.627.1632

Hours:

  • Monday – Friday 8:00 a.m. to 7:00 p.m.
  • Saturday 9:00 a.m. to 3:00 p.m.

More Information

Why is this happening?

Because PPP loan recipient information is required by the government to be shared publicly (not by individual banks like HomeTrust) fraudsters use this data to tailor highly convincing outreach.

Additionally, PPP loans were issued primarily to businesses. Many PPP recipients use Treasury Management (TM)  services and Commercial Center to manage their accounts.

These scams frequently involve:

  • Calls from Florida numbers or faked/spoofed numbers.
  • Claims of issues with ACH, wire, or payroll transactions.
  • Fraudsters instructing customers to “stay out of your account” while they “secure it”.
  • Requests for one-time passcodes (OTPs) used for online banking.
  • Attempts to approve new devices or reset credentials.
  • References to Commercial Center access of suspicious activity.
  • Follow-up calls or texts limited to coincide with OTP delivery.

These tactics mirror patterns observed by state bankers’ associations and peer banks across the HomeTrust Bank footprint.

Variations of this scam

Recent cases affecting HomeTrust customers have included several variations of this scam. These attempts have targeted both PPP borrowers and Treasury Management customers and have involved the following tactics:

  • Impersonation calls from “Chad from HomeTrust Bank”, a recurring alias used by fraudsters claiming to be HomeTrust Fraud or Operations staff.
  • Suspicious letters mailed to customers directing them to call fraudulent numbers about “urgent account issues”, “digital banking problems”, or “required verification”.
  • Calls from Florida-based phone numbers claiming to be from “HomeTrust Fraud” or “HomeTrust Security”.
  • Requests to verify ACH batches, payroll files, or wire transfers, especially to Commercial Center users.
  • Claims of suspicious login attempts in Commercial Center to justify credential or OTP requests.
  • Requests for one-time passcodes (OTPs) tied to real Commercial Center login prompts initiated by the fraudster.
  • Instructions to avoid logging into online banking while the caller “secures the account”, a major red flag.
  • Attempts to enroll unauthorized devices.
  • Efforts to initiate fraudulent wires or manipulate ACH batches/files.

These patterns are consistent with statewide alerts issued by the North Carolina Bankers Association and broader national trends observed by federal regulators.

Learn more about how to avoid scams and keep yourself, your business, and your money, safe from fraud. Visit the Privacy and Security page of our website, and explore our Personal and Business Financial Tips as well.