Date: 2025-11-26

The FBI has warned that since January 2025 account takeover (ATO) fraud schemes have resulted in losses exceeding $262m.

In a public service announcement on November 25, the Bureau warned that cybercriminals are impersonating financial institutions to steal money or information in ATO schemes.

In ATO, cybercriminals gain unauthorized access to a targeted online financial institution, payroll or health savings account with the goal of stealing money or information for personal gain.

Scammers typically use a combination of social engineering techniques and phishing domains or websites to commit fraudulent activity.

Cybercriminals impersonate financial institution employees, customer support or technical support personnel to manipulate account owners into disclosing login credentials, MFA codes or one-time passcodes.

Social Engineering Scams Lead to Account Takeover

Account owners can be contacted via fraudulent text messages, calls or emails designed to trick the recipient into providing their login credentials. Some of these messages claim that there is unusual activity on the account and include a link to a phishing website designed to make users believe they are reporting the fraud.

According to the FBI, scammers have also been found to alert the account holder to alleged fraudulent purchases of high-risk items such as firearms.

The first cybercriminal then hands the account owner off to a second cybercriminal impersonating law enforcement, who convinces the account owner to disclose account information.

Fraudulent Websites Steal Credentials

Once the account owner has been contacted, they are directed to fraudulent websites that often appear to be the legitimate online financial institution or payroll website.

Believing the phishing website is the legitimate one, users enter their login credentials into the fraudulent site, unknowingly providing them to cybercriminals.

Search engine optimization (SEO) poisoning is also a common tactic used by cybercriminals. This involves hackers purchasing ads that imitate legitimate business ads to increase the prominence of their phishing websites, making them appear more authentic to customers who use a search engine to locate the business's website.

When users click on the fraudulent search engine ad, they are directed to a sophisticated fraudulent phishing site that mimics the real website, tricking users into providing their login information.

Protection Against Account Takeover Scams

In its notification, the FBI outlined a number of steps that can be taken to counter ATO attempts. These include: