The US FBI has warned of sharp rise in Account Takeover (ATO) fraud, where cyber criminals pretend to be financial institutions to steal money or personal information. Since January 2025, the FBI has received over 5,100 reports of these scams, with losses totaling more than $262 million.
Criminals target people, businesses, and organizations of all sizes. They often use social engineering to get login information and security codes. Scammers may claim there are fraudulent transactions on an account and direct victims to fake websites. Some even pretend the victim’s information was used to buy items like firearms, then involve another scammer posing as law enforcement to gather more details.
Phishing websites are another common method. The fake sites look just like real bank or payroll pages, leading victims to enter their usernames and passwords. Criminals may also buy search engine ads that appear legitimate, causing users to click on fraudulent links.
Once the criminals have access, they transfer money to accounts linked to cryptocurrency wallets, making it hard to trace or recover the funds. In many cases, they also change the account password, locking the real owner out. The FBI urges people to be cautious with unexpected messages, avoid clicking unfamiliar links, use unique complex passwords, refrain from sharing sensitive information online, and contact their financial institutions directly if something seems suspicious.
