CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Fraud & Identity Theft·Cybercrime

Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes. The post Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI appeared first on SecurityWeek.

FBI Hacked

Cybercriminals engaging in account takeover (ATO) fraud schemes have caused over $262 million in losses since January 2025, the FBI reports.

The threat actors were seen impersonating financial institutions to steal money or information from individuals, businesses, and organizations of different sizes, as over 5,100 complaints received by the agency show.

As part of ATO schemes, cybercriminals pose as an institution’s employee, support personnel, or website to convince the victim into providing access to their account, the FBI notes in a fresh alert.

Typically, threat actors rely on social engineering via email, voice call, and text, as well as fraudulent websites.

In some instances, the attackers claim that there are fraudulent transactions in the victim’s account and provide a phishing link claiming to help the victim report the fraud.

In other instances, the cybercriminals contacted the victims claiming their accounts were used to make fraudulent purchases, and then directed the victims to other threat actors impersonating law enforcement.

As part of these attacks, the FBI notes, the miscreants convince the victim to share their login information, including multi-factor authentication (MFA) code or one-time passcode (OTP), to access their account.

Next, they log into the victim’s account on the financial institution’s website and reset the password to gain full control of the account and lock the victim out.

“Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover,” the FBI says.

The agency recommends, “Contact your financial institution as soon as fraud is recognized to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Requesting a recall and obtaining a Hold Harmless Letter/indemnification documents as quickly as possible may reduce or eliminate your financial losses.”

Victims are also encouraged to notify the impersonated institution and to report the incident to the FBI Internet Crime Complaint Center (IC3).

Related: 18 Arrested in Crackdown on Credit Card Fraud Rings

Related: Who’s Really Behind the Mask? Combatting Identity Fraud

Related: Fraud: A Growth Industry Powered by Gen-AI

Related: Fraud Losses Reached $12.5 Billion in 2024: FTC

Latest News

CYBERNEWSMEDIAPublisher