FBI Warns of Account Takeover Fraud as Reported Losses Top $262 Million

The Federal Bureau of Investigation (FBI) has issued a warning about cybercriminals impersonating financial institutions to steal money and personal information through Account Takeover (ATO) fraud schemes. Victims include individuals, businesses, and organizations across multiple sectors.

Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received over 5,100 ATO complaints, with reported losses exceeding $262 million.

In these scams, criminals pose as financial institutions' staff or mimic official websites to trick victims into giving up account access. They often use social engineering tactics, such as phishing emails, texts, or phone calls, or fraudulent websites, to capture login credentials.

Once inside, criminals quickly transfer funds to accounts under their control, often linked to cryptocurrency wallets, making recovery difficult. In many cases, they also change account passwords to lock victims out of their own accounts.

FBI: How to Protect Yourself From ATO Fraud

• Limit the personal information you share online or on social media.
• Regularly monitor your financial accounts.
• Use strong, unique passwords.
• Access login pages via saved Bookmarks or Favorites, not search results.
• Stay alert to phishing attempts.

If fraud occurs, immediately contact your financial institution to request a recall or reversal and obtain a Hold Harmless Letter or Letter of Indemnity, which may help reduce losses. Victims should also notify the impersonated company so it can identify the account owner, warn others, and request that fraudulent websites be taken down.

Previously, in March, the Canadian Investment Regulatory Organization (CIRO) also warned about an emerging scam known as account intrusions, which uses similar tactics and targets online accounts.