The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year.
Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across all industry sectors.
In these schemes, criminals gain unauthorized access to online bank, payroll, or health savings accounts using various social engineering techniques or fraudulent websites, the FBI said.
After gaining control, criminals wire funds into crypto wallets, making recovery very difficult and, in many cases, changing account passwords and locking legitimate owners out.
“Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover,” the law enforcement agency warned in an IC3 public service announcement issued today.
“In some cases, including nearly all social engineering cases, the cyber criminals change the online account password, locking the owner out of their own financial account(s).”
The FBI advises monitoring financial accounts, using unique, complex passwords, enabling multi-factor authentication, and using bookmarks rather than search results to visit banking websites.
Victims should also immediately contact their financial institution to request a recall and obtain a Hold Harmless Letter/indemnification documents, which may reduce losses. The FBI also recommends filing complaints at ic3.gov with detailed information, including criminal financial accounts and impersonated companies.
Phishing and law enforcement impersonation
The fraudsters will typically impersonate bank staff or customer support personnel through texts, calls, or emails to manipulate potential victims into providing login credentials, including multi-factor authentication (MFA) or One-Time Passcode (OTP) codes.
The stolen credentials are then used to log in to the financial institution’s website and initiate a password reset to gain control of the victims’ accounts.
According to victim reports, some criminals have falsely claimed that their information was used for fraudulent transactions or even firearm purchases to trick the victim into visiting a phishing website or provide sensitive information to a second criminal impersonating law enforcement.
The phishing websites used in these attacks are designed to look like legitimate financial institutions or payroll websites. In some cases, attackers also use search engine optimization (SEO) poisoning tactics, pushing their fraudulent websites to the top of search results by promoting them through ads.
In September, the FBI also warned that cybercriminals are impersonating the Internet Crime Complaint Center (IC3) website in financial scams or to steal their targets’ personal information.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.