FBI Warns of Surge in Account Takeover Fraud Targeting Financial Institutions
The FBI has issued a warning about a significant increase in account takeover (ATO) fraud schemes, with cybercriminals impersonating financial institutions to steal money and sensitive information. Since the beginning of the year, over $262 million in losses have been reported from more than 5,100 complaints. Attackers use social engineering tactics—including texts, calls, and emails—to trick victims into revealing login credentials, multi-factor authentication codes, or one-time passcodes. Once access is gained, criminals reset passwords, lock out account owners, and quickly transfer funds, often to cryptocurrency wallets, making recovery difficult.
The FBI highlighted that these schemes are becoming more sophisticated, with tactics such as search engine optimization (SEO) poisoning, where fraudulent ads mimic legitimate e-commerce or financial sites to lure victims. The warning comes ahead of the holiday season, a period when such scams typically increase. The agency urges heightened vigilance, especially as cybercriminals exploit fears of fraudulent transactions and use impersonation of both financial institution staff and law enforcement to manipulate victims into providing sensitive account information.
Timeline
Nov 27, 2025
Amazon warns 300 million customers about brand impersonation scams
Amazon separately alerted its roughly 300 million customers to brand impersonation scams during the holiday shopping period. The warning highlighted attackers posing as Amazon or customer support to steal credentials and one-time codes as account takeover activity intensified around Black Friday.
Nov 25, 2025
Researchers report surge in holiday scam infrastructure and AI-enabled phishing
Around the same period, security researchers reported hundreds of malicious holiday-themed domains, thousands of lookalike domains, and growing use of generative AI to make phishing lures and scam sites more convincing. They also noted large volumes of stolen e-commerce credentials for sale on the dark web and increased mobile phishing activity targeting shoppers.
Nov 25, 2025
FBI issues holiday-season warning on account takeover fraud
Ahead of the 2025 holiday shopping season, the FBI publicly warned that cybercriminals were increasingly impersonating financial institutions and using phishing, SEO poisoning, spoofed sites, and fake support interactions to hijack accounts. The agency said stolen funds were often moved quickly to criminal-controlled accounts linked to cryptocurrency wallets.
Jan 1, 2025
FBI records 5,100+ ATO complaints and $262 million in losses since January
Beginning in January 2025, the FBI says it received more than 5,100 complaints tied to account takeover fraud, with reported losses exceeding $262 million. The activity involved social engineering, phishing, fake fraud alerts, and credential theft leading to rapid fund transfers.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Sources
Related Stories
Surge in Account Takeover Attacks Targeting Online Retailers and Consumers
Cybercriminals are increasingly exploiting the holiday shopping season to launch account takeover (ATO) attacks against online retailers and their customers. The surge in online traffic during peak shopping periods creates opportunities for attackers to blend in with legitimate users, using automated tools and AI-driven bots to compromise accounts and access sensitive information such as payment details, loyalty points, and personal data. According to industry reports, ATO attacks have risen sharply, with a 40% increase in 2024 and over 50% since 2022, driven by the widespread availability of stolen credentials and the expanding digital footprint of businesses. The FBI has issued warnings about the growing prevalence of ATO fraud schemes, highlighting the sophistication of attackers who employ credential stuffing, credential cracking, and brute force techniques to gain unauthorized access. These attacks often go undetected until significant financial losses and customer frustration occur. Retailers are urged to strengthen authentication processes and monitor for suspicious login activity, especially during high-traffic periods, to mitigate the risk of account compromise and fraud.
1 months ago
Social Engineering and Payment Fraud Targeting Credit Unions and Consumers
Credit unions and financial institutions are facing a surge in sophisticated fraud schemes that leverage social engineering and AI-driven tactics to compromise payment security. Attackers are increasingly using phishing, vishing, and smishing to harvest credentials and one-time passcodes, enabling account takeover and card-not-present fraud. Imposter scams, such as fraudulent calls and urgent messages, pressure victims into making instant, irreversible transfers through crypto ATMs or quick-pay apps. Security leaders emphasize the importance of real-time monitoring, member education, and advanced authentication methods—including tokenization and biometrics—to counter these evolving threats and protect members without degrading user experience. Criminal organizations, including groups operating out of China, have orchestrated large-scale scams by sending deceptive texts about overdue tolls or postal fees to trick individuals into divulging credit card details. Stolen card numbers are then installed in digital wallets like Google and Apple Wallets in Asia and shared with U.S.-based accomplices to make fraudulent purchases. These operations have resulted in over $1 billion in losses over three years, highlighting the global scale and technical ingenuity of modern payment fraud. Early reporting by victims and rapid response by financial institutions are critical to stopping fraudulent transfers and involving law enforcement to mitigate losses.
1 months ago
Global Surge in Sophisticated Banking and Financial Phishing Scams
A dramatic increase in banking and financial scams has been observed globally, with a 65% rise in scam activity over the past year, according to data from BioCatch. Financial institutions serving nearly 350 million consumers across five continents have reported explosive growth in various scam types, including a tenfold increase in SMS-based phishing (smishing) attacks. Voice phishing (vishing) attempts have doubled, romance scams have risen by 63%, and investment scams have climbed by 42%. Purchase scams remain the most common form of fraud, with a 14% increase in attempts. The Global Anti-Scam Alliance estimates that consumers now lose over $1 trillion annually to scams, a figure that continues to escalate. Much of this surge is attributed to organized criminal operations exploiting the financial system, as noted by the U.S. Department of the Treasury. Scammers are leveraging current events and government programs, such as New York State’s inflation refund initiative, to launch targeted phishing campaigns. These campaigns often impersonate official agencies, urging recipients to provide sensitive payment information under the threat of losing their refunds. The phishing messages typically originate from foreign numbers and direct victims to fake websites designed to harvest personal data, including Social Security Numbers and bank account details. In the private sector, attackers are targeting users of popular financial platforms like Robinhood, sending convincing text messages that warn of suspicious account activity and prompt users to log in via fraudulent links. These fake login pages are crafted to closely mimic legitimate sites, and after stealing credentials, some even redirect victims to the real site to avoid suspicion. Additionally, credential phishing campaigns are evolving rapidly, with scammers impersonating Google Careers to target Google Workspace and Microsoft 365 users. These emails, sent in multiple languages and using frequently changing sender details, lure recipients into multi-step traps involving fake verification pages and credential harvesting sites. Attackers abuse legitimate services such as Salesforce and Recruitee to distribute these phishing emails, and the malicious domains are often newly registered to evade detection. The sophistication and adaptability of these scams make them increasingly difficult for both individuals and organizations to detect and prevent. Financial institutions and cybersecurity experts emphasize the need for heightened vigilance, robust anti-phishing training, and advanced fraud detection technologies to combat this growing threat. The widespread nature of these scams underscores the importance of cross-sector collaboration and public awareness to mitigate financial losses and protect sensitive information. As scammers continue to refine their tactics, the risk to consumers and businesses remains high, necessitating ongoing adaptation of security measures. The convergence of social engineering, technical deception, and exploitation of current events highlights the evolving landscape of financial cybercrime. Authorities and industry leaders are calling for increased investment in behavioral biometrics and real-time fraud monitoring to stay ahead of these sophisticated threats. The ongoing battle against banking and financial phishing scams is expected to intensify as attackers leverage new technologies and social trends to expand their reach.
1 months ago