The FBI warns of a significant surge in Account Takeover (ATO) fraud, where cybercriminals impersonate bank support teams to gain access to victims’ financial accounts. Since early 2025, losses have already exceeded $262 million.
According to the Internet Crime Complaint Center (IC3), more than 5,100 complaints have been filed since January 2025 regarding attacks targeting banking, payroll, and health savings accounts. Criminals use phishing websites, phone calls, SMS messages, and emails to pose as financial institution support staff. Once they gain access, they initiate transfers to crypto wallets and often reset passwords, completely locking rightful owners out of their accounts.
The FBI notes that fraudsters frequently manipulate victims by claiming that their information was involved in “fraudulent transactions” or even firearm purchases. Such tactics push victims to enter data on phishing pages or disclose MFA or OTP codes to impostors.
Many campaigns rely on SEO poisoning, artificially promoting fake banking websites in search results—often through ads—so that users unknowingly access fraudulent portals.
Financial account takeover remains one of the most profitable forms of cybercrime. Throughout 2024–2025, IC3 has issued multiple warnings about fake websites, including fraudulent clones of the IC3.gov portal itself. The use of cryptocurrency for stolen funds makes tracking and recovering assets extremely difficult. At the same time, impersonation of bank staff and even law enforcement continues to grow.
The FBI urges consumers to monitor account activity, use strong passwords, and enable multi-factor authentication. For safe banking access, users should rely on bookmarks rather than search results. In case of an incident, victims should immediately contact their financial institution and file a report at IC3.gov.
