Cyber Fraud Alert: ONPointe Imposters Target Bank Clients

Old National Bank (ONB) has issued a cybersecurity alert warning clients about a new scam targeting users of the ONPointe banking platform. According to ONB, cybercriminals are impersonating the ONB ONPointe Fraud Team in an effort to gain unauthorized access to sensitive client information.

These scams are particularly dangerous because the criminals demonstrate advanced knowledge of ONPointe and other banking applications, making their outreach appear credible and professional. Clients have reported receiving fraudulent phone calls, emails, and text messages from individuals posing as ONB representatives.

What Is Happening?

Criminals are contacting Old National Bank clients and pretending to be members of the ONB ONPointe Fraud Team. Their goal is to trick users into sharing confidential account information under the guise of fraud prevention.

Scammers may request sensitive details such as:

• Account passwords

• Multi-factor authentication (MFA) codes

• ONPointe software activation keys

To increase legitimacy, fraudsters may use spoofed caller IDs, email headers, or phone numbers, making it difficult to distinguish between real and fraudulent communications.

Who Is Impacted by the ONPointe Scam?

Old National Bank has not disclosed the number of affected clients, but the bank warns that anyone using ONPointe services could be a target.

Clients who respond to these fraudulent messages risk exposing their personal and financial data, which can result in:

• Unauthorized transactions

• Account takeovers

• Identity theft

Beyond immediate financial losses, victims may also face long-term consequences, including:

• Credit fraud

• Regulatory reporting complications

• Lengthy and frustrating account recovery processes

How to Avoid ONPointe Fraud and Bank Impersonation Scams

Protecting yourself starts with awareness and verification. Follow these best practices to reduce risk:

• Confirm before responding
  Never trust caller ID or the “from” field in emails or texts. With the use of AI and spoofing technology, these details can be easily falsified.

• Hang up and call back
  If a “bank representative” contacts you unexpectedly, hang up and contact the bank directly using verified phone numbers.

• Never share sensitive information
  Old National Bank will never ask for passwords, MFA codes, or activation keys via phone, email, or text.

• Report suspicious activity immediately
  If you believe you’ve shared information with someone impersonating ONB—or notice unusual account activity—contact Treasury Management Client Services right away.

Business Owners: Stay Alert

This ONPointe scam alert is an important reminder for businesses that handle client or customer data to remain vigilant. Organizations should create, maintain, and enforce a Written Information Security Plan (WISP) and ensure all employees are properly trained.

Employees should be instructed to treat unsolicited calls, emails, or texts requesting login or account information as high-risk events. Even well-trained staff can unintentionally expose sensitive data if cybersecurity procedures are outdated or unclear.

How a Written Information Security Plan (WISP) Helps

A strong WISP helps businesses train employees to:

• Recognize phishing and impersonation attempts

• Verify requests for sensitive client information

• Respond immediately to potential data breaches

In a landscape where cyber fraud continues to evolve rapidly, alerts like this from Old National Bank underscore the importance of keeping cybersecurity top of mind and maintaining compliance with IRS WISP requirements.

Get Help Building and Managing Your WISP

WISP Builder is ready to help your organization create, maintain, store, and train your staff on an effective Written Information Security Plan—so you can reduce risk, improve compliance, and protect sensitive data with confidence.