FBI: bank impersonators fuel $262M surge in account takeover fraud – Against Invaders

FBI: bank impersonators fuel $262M surge in account takeover fraud - Against Invaders

FBI: bank impersonators fuel $262M surge in account takeover fraud

Cybercriminals posing as banks drove a major spike in account takeover fraud this year, stealing over $262 million, the FBI warned.

The FBI warns of a surge in account takeover fraud, with criminals posing as financial institutions and stealing over $262M since January 2025. Cybercriminals breach online financial, payroll, or health-savings accounts to steal money or sensitive data.

The Internet Crime Complaint Center (IC3) has logged more than 5,100 complaints, affecting individuals, businesses, and organizations across all sectors.

“The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors.” reads the alert published by the FBI. “In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the goal of stealing money or information for personal gain.”

Cybercriminals impersonate financial institutions to hijack accounts using social engineering via texts, calls, and emails. Crooks trick victims into providing credentials, MFA codes, or OTPs by posing as bank staff, support agents, or fraud departments. Attackers often claim there are fraudulent transactions and direct victims to phishing sites to “report” or stop the activity. In some cases, scammers allege fraud such as firearm purchases and bring in a second impersonator posing as law enforcement to extract additional account details.

“In some instances, cyber criminals impersonating financial institutions reported to the account owner that their information was used to make fraudulent purchases, including firearms.” continues the alert. “The cyber criminal convinces the account owner to provide information to a second cyber criminal impersonating law enforcement, who then convinces the account owner to provide account information.”

According to the FBI, cybercriminals deploy phishing sites mimicking financial or payroll portals to steal login credentials. They lure victims via fraudulent links or ads (SEO poisoning) that push fake sites to the top of search results. Once users enter their credentials on these convincing phishing pages, attackers capture them and gain unauthorized access to the real accounts.

“Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover.” continues the report. “In some cases, including nearly all social engineering cases, the cyber criminals change the online account password, locking the owner out of their own financial account(s).”

The FBI recommends that victims of an Account Takeover (ATO) incident immediately contact their financial institution as soon as fraud is detected. This allows them to request a recall or reversal of unauthorized transfers and obtain a Hold Harmless Letter or Letter of Indemnity, steps that can reduce or prevent financial losses. The Bureau also advises reporting fraudulent wire transfers both to the financial institution and to the FBI’s Internet Crime Complaint Center (IC3).

The FBI further urges victims to reset any passwords or credentials that may have been exposed, including those reused across multiple accounts, and to revoke compromised certificates or service accounts. It also recommends filing a detailed complaint at IC3.gov, including all relevant information about the attackers, impersonated institutions, phishing domains, and financial accounts involved, and using terms such as “Account Takeover” or “SEO poisoning” in the incident description.

Additionally, the Bureau advises notifying the company that was impersonated so it can warn other customers and request takedowns of phishing pages. Finally, the FBI encourages the public to stay informed by checking IC3.gov for updated alerts and announcements on ATO trends and other cyber fraud schemes.

Follow me on Twitter:@securityaffairsandFacebookandMastodon

PierluigiPaganini

(SecurityAffairs–hacking,Account Takeover (ATO))

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.