On November 25, the FBI issued a Public Service Announcement warning of a significant rise in Account Takeover (ATO) fraud, a type of cybercrime in which criminals impersonate trusted financial institutions to steal money and sensitive information.
This threat is not limited to a specific industry or company size. According to the FBI’s Internet Crime Complaint Center (IC3), more than 5,100 ATO complaints have been reported since January 2025, with losses exceeding $262 million. These attacks target individuals, small businesses, and large enterprises alike—and the tactics are becoming increasingly sophisticated.
At Enfortra, we help organizations understand emerging cyber risks and build stronger defenses. Here’s what you need to know about ATO fraud, how these attacks work, and how to protect your organization and employees.
What Is Account Takeover (ATO) Fraud?
ATO fraud is not new, but its scale, impact, and techniques have evolved dramatically. Account Takeover fraud occurs when a cybercriminal gains unauthorized access to a financial, payroll, or online account and assumes control as the legitimate user.
Once inside, attackers often:
- Reset passwords and lock out the real account holder
- Initiate wire transfers or move funds to cryptocurrency wallets
- Change account details to prevent detection
- Drain accounts quickly, making recovery difficult or impossible
Because financial systems and payroll platforms are prime targets, the impact of a single successful ATO attack can be devastating for both individuals and businesses.
How Cybercriminals Execute ATO Attacks
1. Social Engineering and Impersonation
Many ATO attacks begin with social engineering, where criminals pose as trusted parties—often a bank, credit union, or payroll provider.
Common tactics include:
- Fraudulent phone calls, emails, or text messages
- Claims of “suspicious” or “fraudulent” transactions
- Requests to “verify” account details or login credentials
- Pressure to act quickly to avoid further losses
In some cases, attackers escalate the deception. The FBI reports incidents where victims were told fraudulent purchases—sometimes involving firearms—had been made. The victim was then transferred to a second criminal impersonating law enforcement, who pressured them into providing account information.
Critical warning: Legitimate financial institutions will never ask for your password, PIN, or one-time passcode (OTP).
Once attackers obtain credentials—including MFA or OTP codes—they log in as the user and initiate password resets, fully taking over the account.
2. Fraudulent Websites and SEO Poisoning
Cybercriminals are also creating highly convincing fake websites that closely resemble legitimate financial or payroll portals.
To increase credibility, attackers use:
- Paid search engine ads
- Search Engine Optimization (SEO) tactics to rank fake sites highly
- Links embedded in phishing emails or text messages
When users click on these ads or links, they are directed to sophisticated phishing sites that look authentic. Any credentials entered are immediately captured by the attacker.
What Happens After Access Is Gained
Once inside an account, cybercriminals move quickly. Funds are often transferred via wire or routed to cryptocurrency wallets, making recovery extremely difficult. Attackers then change passwords and security settings, locking out the rightful account owner and delaying detection.
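For teams that operate a financial or payroll platform, the post-access sequence described above (a password or security-setting change followed quickly by an outbound transfer) can be expressed as a detection rule. The following is an added example, not part of the original article or any FBI guidance; the event names, log layout and 60-minute window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit events: timestamp, account, event type, detail.
# Event names and this line format are assumptions for illustration.
SAMPLE_LOG = """\
2025-11-25T09:00:12Z acct-1001 login_success device=known
2025-11-25T09:05:40Z acct-1001 wire_transfer payee=existing
2025-11-25T10:14:03Z acct-2002 login_success device=new
2025-11-25T10:15:27Z acct-2002 password_reset channel=web
2025-11-25T10:16:02Z acct-2002 contact_change field=phone
2025-11-25T10:21:45Z acct-2002 wire_transfer payee=new
2025-11-25T11:00:00Z acct-3003 password_reset channel=web
2025-11-26T15:30:00Z acct-3003 wire_transfer payee=existing
"""

LOCKOUT_EVENTS = {"password_reset", "contact_change", "mfa_change"}
MONEY_EVENTS = {"wire_transfer", "crypto_withdrawal"}
WINDOW = timedelta(minutes=60)  # assumed correlation window


def parse(line):
    ts, account, event, detail = line.split(maxsplit=3)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, account, event, detail


def find_takeover_patterns(log_text, window=WINDOW):
    """Flag accounts where funds leave soon after a lockout-style change."""
    recent_changes = {}  # account -> list of (time, event)
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for when, account, event, detail in events:
        if event in LOCKOUT_EVENTS:
            recent_changes.setdefault(account, []).append((when, event))
        elif event in MONEY_EVENTS:
            # Keep only changes that happened within the window before this transfer.
            prior = [e for t, e in recent_changes.get(account, [])
                     if when - t <= window]
            if prior:
                alerts.append({"account": account, "time": when.isoformat(),
                               "transfer": event, "detail": detail,
                               "preceded_by": prior})
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_patterns(SAMPLE_LOG):
        print(alert)
```

An alert from a rule like this is a reason to hold the transfer and verify with the account holder through a known-good contact channel, not proof of fraud on its own.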
How to Protect Yourself and Your Organization
Think of the following steps as essential digital hygiene—small habits that dramatically reduce risk:
- Use strong, unique passwords for every account
- Enable Multi-Factor Authentication (MFA) wherever possible
- Never share OTP or MFA codes, even if the request seems legitimate
- Use bookmarks or saved links to access login pages instead of search results or ads
- Be cautious of unsolicited calls, texts, or emails claiming urgency
  - Hang up
  - Look up the official number
  - Call back directly
- Monitor accounts regularly for unusual activity
- Limit oversharing on social media, which can provide clues for attackers
For businesses, employee awareness and consistent security training are especially critical, as attackers often target staff with access to financial or payroll systems.
What to Do If You Suspect an ATO Incident
If you believe an account has been compromised, act immediately:
- Contact your financial institution
  - Request a recall or reversal of fraudulent transfers
  - Ask about a Hold Harmless Agreement or Letter of Indemnity
  - Follow their incident response guidance
- Reset or revoke all compromised credentials
  - Especially if passwords are reused across systems
- File a detailed complaint with the FBI IC3
  - Visit http://www.ic3.gov
  - Include dates, amounts, communication details, and account information
- Notify the impersonated organization
  - This helps protect other customers and organizations
Staying Ahead of a Growing Threat
Account Takeover fraud continues to evolve—but so do defenses. Awareness, verification, and strong security practices remain your best protection.
At Enfortra, we believe informed users and resilient systems are key to reducing cyber risk. Staying vigilant, slowing down when something feels off, and verifying before acting can make all the difference.
And remember: when it comes to your money and your systems, it’s always okay to pause and verify.
