My first thought is always to ask if the person is interested in learning more or if they would just like help. If the patron would like to learn more, I would offer books from the collection. Otherwise, I would suggest regularly changing passwords and, if the patron has a cell phone, using 2 step authentication. I would direct the patron to websites that help review security settings.
I would let the patron know that the Library can't assist with banking information. Then I would direct the patron to websites explaining how to recognize a scam. If there's time and the patron is interested, I might talk a little about how scamming always seems believable. If it didn't seem believable to someone, it would never work. Most people feel embarrassed in this kind of situation, once they understand the scam, and I would think about that as I work with the patron, to help avoid embarrassment.
This is always difficult, as the patron has generally observed something that seems unusual to the patron. I've found that the best approach is to talk calmly with the patron and to encourage the patron not to use public computers for sensitive information, if there's any option. I've found that simply denying the activity sometimes isn't helpful, though of course the Library isn't spying on the person.