Cybercriminals are exploiting “Midwest Nice.” Here’s what to do about it.

Get Our Email Newsletter
Local news about the companies, people and issues that impact business in Northeast Wisconsin and beyond.

Business owners across Northeast Wisconsin are facing a growing wave of fraud attempts that look increasingly legitimate and are becoming harder to detect.

From spoofed bank phone numbers and fake vendor invoices to AI‑generated phishing emails and credential theft, local financial institutions and insurance advisers say cybercriminals are relying less on breaking through technical defenses and more on manipulating people.

Van Boxtel

According to the FBI’s 2025 Internet Crime Report, internet crime complaints surpassed one million for the first time, averaging more than 3,000 per day. Cyber‑enabled fraud accounted for nearly 85% of all reported losses, while phishing and spoofing remained the most frequently reported crime types. The report also documented more than 22,000 artificial intelligence‑related cybercrime complaints resulting in nearly $900 million in losses.

Northeast Wisconsin experts say those national trends closely mirror what they are seeing locally.

Advertisement

“Business fraud is increasing, as are efforts to detect and report it even as cybercriminals continue evolving their techniques,” says Ben Van Boxtel, information security analyst at Associated Bank.

That includes a persistent focus on urgency — something criminals use to push employees past established safeguards.

“There’s a process at play. But don’t disregard the process because of the sense of urgency or to be ‘Midwest Nice,’” he says.

Fraud is becoming more sophisticated

“The tactics haven’t changed significantly, but attackers are executing them with increasing sophistication,” says Kevin C. Ress, information security manager at Associated Bank.

Advertisement

“When it comes to phishing, they’re using AI to craft those messages and scouring open‑source intelligence, LinkedIn and other pages … to lure [victims] in,” Van Boxtel says.

Businesses often underestimate how much information is publicly available and how it can be assembled into convincing attacks.

“Small pieces of information may seem trivial, but put those 10 puzzle pieces together, and now here’s my door into the company,” Van Boxtel says.

Holewinski

“It is more of an emotional connection than it is a transaction,” says Dillon Holewinski, vice president of sales, business insurance and risk at McClone Insurance.

Advertisement

Fear and urgency remain two of the most effective tools, he adds, in a cybercriminal’s arsenal.

“Be aware; sophistication is always changing with AI coming in with voiceovers or replications or other personal tactics,” Holewinski says. “You can have the best security system in the world, but if your employee leaves the garage door open, the cybercriminals will walk in and hide behind a curtain and wait until they get the credential they’re looking for and attack.”

What banks and insurers are seeing

Among the most common schemes affecting businesses today are business email compromise, vendor impersonation, invoice fraud and credential theft, Holewinski says.

“We hear about ransomware and extortion because that’s sensationalism in headlines,” he says. “But there is [far more] impersonation through AI.”

At First Business Bank, Vice President of Treasury Management Lindsay Meyer says impersonation scams are becoming more aggressive and convincing: “The latest and most sophisticated fraud tactics we’re seeing have been impersonation, so spoofing of phone calls and text messages.”

Meyer

In one case, fraudsters told a customer not to contact the bank, claiming internal fraud.

 

“They told the client not to answer calls from the bank, which is a concerning new approach we’re now seeing,” Meyer says.

The goal was account takeover.

“Never give that information out,” she says of authentication codes. “They’re not sending the code; they’re trying to get in. Always hang up and call [a reputable number] for the bank,” she says.

Ress says fraudsters are also getting better at using breached data and public information to personalize attacks.

“What used to be a broad phishing email that a lot of people would get — which was very generic — is becoming more and more targeted by leveraging AI tools,” he says.

Every organization is a target

“While it may seem like attackers focus only on large, high‑value companies, organizations of all sizes are targeted,” Ress says.

Schools, nonprofits, manufacturers, municipalities and family‑owned businesses all face risk.

“It comes down to the human element,” Ress says. “That employee clicking on that link, answering the phone and divulging credentials and whatnot. It’s clearly a financial, reputational and business impact as well, whether you’re 10 or 1,000 employees.”

Holewinski says cybersecurity can no longer be viewed as an IT‑only concern.

“One of the most important mindset shifts is that cybersecurity is not just an IT issue. It’s part of everyday operations and risk management,” he says. “It’s a global issue because we’re talking about data. Northeast Wisconsin is not immune to it.”

Building resilience

Experts say businesses should focus on fundamentals: multifactor authentication, employee training, strong password management, secure backups and documented incident response plans.

Ress

Insurance carriers increasingly require those controls before issuing cyber coverage, making them baseline expectations for many businesses. And Ress says education must include leadership teams.

“A lot of times, it’s the top of the house including C‑ or E‑suite to reinforce awareness,” he says.

Meyer says businesses should also enforce separation of duties for financial transactions.

“We encourage clients to have internal controls — segregation of duties,” she says. “Otherwise, once the money is out, it’s out and it’s hard to recover those funds.”

She recommends dual approval for payments and tools like positive pay and transaction alerts.

Meyer says urgency is one of the biggest warning signs, especially around holidays or weekends.

Beyond prevention: recovery matters

Financial institutions increasingly help businesses monitor for fraud and respond quickly when incidents occur.

“We’re educating clients to help them understand what’s out there and what to be aware of, so they don’t find themselves victims of fraud attempts,” Meyer says.

Insurance plays a different role, Holewinski says: “Insurance is not the first line of defense; it’s the overall recovery strategy.”

Cyber insurance can help cover business interruption, forensic investigations, legal expenses, crisis communications and recovery costs.

“Just like sprinklers don’t replace fire insurance, cybersecurity tools don’t replace what happens after a cyber attack,” he says.

He says businesses must think beyond prevention.

“What if I’m locked out of my company for five days, what would that do? Payroll, lost business, reputational harm,” says Holewinski.

That thinking is driving broader adoption of business continuity planning.

“No two cyber events are the same, and no two cyber policies are the same,” he says. “The goal is not fear or paranoia; it’s preparedness, awareness and being resilient and having a plan.”

Preparedness over panic

As cybercriminals become more sophisticated, experts encourage discipline. Businesses should not overlook traditional fraud risks while focusing on cybercrime.

“Checks are still the No. 1 way to perpetrate fraud; they’re not safe,” Meyer says.

For Northeast Wisconsin businesses, the message is consistent across banks and insurers: Trust still matters, but verification matters more. In an era of AI‑generated scams, spoofed calls and increasingly convincing impersonation attempts, being “Midwest Nice” cannot come at the expense of following established procedures.

Or, as Van Boxtel put it: “Don’t let urgency override your process.”

Digital Partners