The Account Takeover (ATO) fraud threat is accelerating across the United States, prompting the Federal Bureau of Investigation (FBI) to issue a new alert warning individuals, businesses, and organizations of all sizes to stay vigilant. According to the FBI Internet Crime Complaint Center (IC3), more than 5,100 complaints related to ATO fraud have been filed since January 2025, with reported losses exceeding $262 million.
The bureau warns that cyber criminals are increasingly impersonating financial institutions to steal money or sensitive information.
As the annual Black Friday sale draws millions of shoppers online, the FBI notes that the surge in digital purchases creates an ideal environment for Account Takeover fraud. With consumers frequently visiting unfamiliar retail websites and acting quickly to secure limited-time deals, cyber criminals deploy fake customer support calls, phishing pages, and fraudulent ads disguised as payment or discount portals.
The increased online activity during Black Friday makes it easier for attackers to blend in and harder for victims to notice red flags, making the shopping season a lucrative window for ATO scams.
How Account Takeover Fraud Works
In an ATO scheme, cyber criminals gain unauthorized access to online financial, payroll, or health savings accounts. Their goal is simple: steal funds or gather personal data that can be reused for additional fraudulent activities. The FBI notes that these attacks often start with impersonation of a financial institution’s staff, its customer support teams, or even the institution’s official website.
To carry out their schemes, criminals rely heavily on social engineering and phishing websites designed to look identical to legitimate portals. These tactics create a false sense of trust, encouraging account owners to unknowingly hand over their login credentials.
Social Engineering Tactics Increase in Frequency
The FBI highlights that most ATO cases begin with social engineering, where cyber criminals manipulate victims into sharing sensitive information such as passwords, multi-factor authentication (MFA) codes, or one-time passcodes (OTP).
Common techniques include:
- Fraudulent text messages, emails, or calls claiming unusual activity or unauthorized charges. Victims are often directed to click on phishing links or speak to fake customer support representatives.
- Attackers posing as bank employees or technical support agents who convince victims to share login details under the guise of preventing fraudulent transactions.
- Scenarios where cyber criminals claim the victim’s identity was used to make unlawful purchases, sometimes involving firearms, and escalate the scam by introducing another impersonator posing as law enforcement.
Once armed with stolen credentials, criminals reset account passwords and gain full control, locking legitimate users out of their own accounts.
Phishing Websites and SEO Poisoning Drive More Losses
Another growing trend is the use of sophisticated phishing domains and websites that perfectly mimic authentic financial institution portals. Victims believe they are logging into their bank or payroll system, but instead, they are handing their details directly to attackers.
The FBI also warns about SEO poisoning, a method in which cyber criminals purchase search engine ads or manipulate search rankings to make fraudulent sites appear legitimate. When victims search for their bank online, these deceptive ads redirect them to phishing sites that capture their login information.
Once attackers secure access, they rapidly transfer funds to criminal-controlled accounts—many linked to cryptocurrency wallets—making transactions difficult to trace or recover.
How to Stay Protected Against ATO Fraud
The FBI urges customers and businesses to take proactive measures to defend against ATO fraud attempts:
- Limit personal information shared publicly, especially on social media.
- Monitor financial accounts regularly for missing deposits, unauthorized withdrawals, or suspicious wire transfers.
- Use unique, complex passwords and enable MFA on all accounts.
- Bookmark financial websites and avoid clicking on search engine ads or unsolicited links.
- Treat unexpected calls, emails, or texts claiming to be from a bank with skepticism.
What To Do If You Experience an Account Takeover
Victims of ATO fraud are advised to act quickly:
- Contact your financial institution immediately to request recalls or reversals, and report the incident to IC3.gov.
- Reset all compromised credentials, including any accounts using the same passwords.
- File a detailed complaint at IC3.gov with all relevant information, such as impersonated institutions, phishing links, emails, or phone numbers used.
- Notify the impersonated company so it can warn others and request fraudulent sites be taken down.
- Stay informed through updated alerts and advisories published on IC3.gov.
