The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year.
Since January 2025, the FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across all industry sectors.
In these schemes, criminals gain unauthorized access to online bank, payroll, or health savings accounts using various social engineering techniques or fraudulent websites, the FBI said.
After gaining control, criminals wire funds into crypto wallets, which makes recovery very difficult, and in many cases change the account passwords to lock legitimate owners out.
"Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover," the law enforcement agency warned in an IC3 public service announcement issued today.
"In some cases, including nearly all social engineering cases, the cyber criminals change the online account password, locking the owner out of their own financial account(s)."
The FBI advises monitoring financial accounts, using unique, complex passwords, enabling multi-factor authentication, and using bookmarks rather than search results to visit banking websites.
Victims should also immediately contact their financial institution to request a recall and obtain a Hold Harmless Letter/indemnification documents, which may reduce losses. The FBI also recommends filing complaints at ic3.gov with detailed information, including criminal financial accounts and impersonated companies.
Phishing and law enforcement impersonation
The fraudsters will typically impersonate bank staff or customer support personnel through texts, calls, or emails to manipulate potential victims into providing login credentials, including multi-factor authentication (MFA) or One-Time Passcode (OTP) codes.