WASHINGTON, D.C. – The FBI is alerting the public to a growing wave of account takeover (ATO) fraud carried out by cyber criminals posing as bank or financial institution employees. Since January 2025, the Internet Crime Complaint Center (IC3) has received more than 5,100 complaints tied to these schemes, with reported losses exceeding $262 million, according to a recent Public Service Announcement.

The advisory explains that criminals target individuals, businesses, and organizations across multiple sectors, using social engineering and fraudulent websites to gain unauthorized access to online financial, payroll, or health-related accounts. Their end goal: stealing funds or personal information.

How the Scheme Works

Cyber criminals often impersonate customer service or fraud-prevention staff to convince victims to hand over sensitive login details, including multi-factor authentication codes and one-time passcodes. Once they obtain access, they reset passwords and lock account holders out. In some cases, fraudsters warn targets of supposed suspicious transactions—sometimes even claiming illegal purchases such as firearms—to create urgency and pressure victims into cooperating.

Criminals also deploy phishing websites designed to mimic legitimate financial institution portals. Some use search engine optimization (SEO) poisoning, purchasing ads that appear authentic and draw users to fraudulent login pages. Once inside an account, funds are quickly wired to accounts controlled by criminals, often linked to cryptocurrency wallets, making recovery difficult.

How to Stay Protected

The FBI urges consumers and businesses to take steps to reduce risk, including:

• Using complex, unique passwords and never disabling multi-factor authentication.
• Monitoring financial accounts regularly for unusual activity, missing deposits, or unauthorized transactions.
• Avoiding links in unsolicited texts, calls, or emails, and navigating to financial institutions only through bookmarked or verified websites.
• Being cautious of unsolicited calls from individuals claiming to work for a bank or company; the FBI advises hanging up and calling the known official number instead.

What to Do if You’re a Victim

Victims are urged to immediately contact their financial institution to request recalls or reversals of fraudulent transfers and obtain indemnity documentation. Passwords and credentials should be reset across any potentially affected accounts. The FBI also recommends filing a detailed report at www.ic3.gov, including any impersonation details, fraudulent websites, and financial accounts associated with the scam.

The agency also encourages notifying the legitimate company that was impersonated so it can alert other customers and request the removal of fraudulent webpages.

More information and updates on cyber-enabled fraud can be found at IC3.gov.