FBI reports rising losses from account takeover scams amid holiday online activity
Farah Amod
Dec 16, 2025 12:01:05 PM
The bureau says criminals are exploiting shopping and impersonation tactics to steal money and personal information.
What happened
The FBI said that more than five thousand account takeover complaints have been filed since January 2025, with reported losses exceeding two hundred sixty million dollars. According to reporting by The Cyber Express, the bureau issued an advisory warning that criminals are impersonating financial institutions, directing victims to phishing pages, and using fraudulent support calls to obtain credentials.
Going deeper
The FBI noted that attackers commonly target online banking, payroll, and health savings accounts by obtaining passwords, one-time passcodes, and multi-factor authentication codes. Many of these schemes start with social engineering, where callers pose as bank employees or support agents and claim that suspicious activity requires immediate action. Other activity involves phishing websites designed to mimic authentic financial portals, and search engine manipulation that promotes fraudulent links above legitimate sites. Increased holiday shopping activity, especially around Black Friday, provides a larger volume of online transactions for criminals to blend into, making it harder for victims to identify warning signs.
What was said
The FBI stated that many victims are contacted through texts, emails, or calls that reference supposed unauthorized charges or account issues. Attackers often escalate pressure by claiming that the victim’s identity has been misused, or by introducing another impersonator posing as law enforcement. Once attackers collect login credentials, they quickly reset passwords and transfer funds before the victim realizes what happened. The bureau urged consumers to verify communications directly through known contact channels, use multi-factor authentication, avoid clicking on search engine ads for financial institutions, and monitor accounts for missing deposits or unfamiliar withdrawals.
The big picture
Industry experts say the surge in account takeover (ATO) fraud reflects how deeply attackers now understand banking operations and how easily compromised credentials can be used to mimic legitimate internal activity. Jim Routh, chief trust officer at Saviynt, noted that “the large majority of ATO accounts referenced in the FBI announcement occur through compromised credentials used by threat actors intimately familiar with the internal processes and workflows for money movement within financial institutions.”
Routh said that preventing these intrusions requires stronger verification steps rather than continued reliance on username-password pairs. “The most effective controls to prevent these attacks are manual (phone calls for verification) and SMS messages for approval,” he explained, adding that “the root cause continues to be the accepted use of credentials for cloud accounts despite having passwordless options available.”
FAQs
What makes account takeover scams effective?
Attackers rely on real-time communication, pressure tactics, and convincing impersonation, which lead victims to share credentials before verifying the request.
How does SEO poisoning contribute to these scams?
Fraudulent ads or manipulated search results place phishing pages above official sites, tricking victims into entering their login information on attacker-controlled pages.
Why do criminals focus on multi-factor authentication codes?
These codes allow attackers to bypass additional security layers and complete password resets or transfers while posing as the legitimate account owner.
How can consumers reduce their exposure to ATO fraud?
They can bookmark financial sites, avoid interacting with unsolicited messages, enable multi-factor authentication, and use a unique password for each account.
What should businesses do when an employee experiences an account takeover?
They should disable the compromised account, review financial transactions, rotate credentials, notify their institution, and report details to IC3.