FBI Warns of Surge in Account Takeover Fraud, Losses Exceed $262 Million
The FBI is alerting the public to a dramatic increase in account takeover (ATO) fraud, where cybercriminals are impersonating financial institutions to steal money and sensitive information. Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received over 5,100 complaints related to ATO schemes, resulting in losses surpassing $262 million.
The Growing Threat of ATO Fraud
ATO fraud involves cybercriminals gaining unauthorized access to online financial accounts – including bank accounts, payroll systems, and health savings accounts – with the intent of illicit financial gain. These attacks target individuals, businesses, and organizations across all sectors, highlighting the widespread nature of the threat.
How Cybercriminals Gain Access
Criminals employ a variety of tactics to compromise accounts, primarily relying on impersonation and deception. They pose as staff members or create fraudulent websites that mimic legitimate financial institutions to trick individuals into divulging their credentials.
Social Engineering: The Art of Manipulation
A core component of ATO fraud is social engineering, where criminals manipulate account holders into willingly handing over login information, including multi-factor authentication (MFA) codes or one-time passcodes (OTP). Impersonating financial institution employees, customer support, or technical personnel is a common tactic. Once credentials are obtained, criminals log into the legitimate website and initiate a password reset, effectively seizing control of the account.
These schemes often involve fraudulent text messages, calls, or emails designed to trick recipients into providing their login details. In some instances, criminals falsely claim fraudulent transactions have occurred, directing victims to phishing websites disguised as legitimate fraud reporting portals. Disturbingly, reports indicate criminals are even impersonating financial institutions and law enforcement, convincing victims to provide account information under the guise of investigating fraudulent purchases, including firearms.
Phishing Domains and SEO Poisoning: Luring Victims to Fraudulent Sites
Cybercriminals also utilize sophisticated phishing domains and websites that closely resemble those of legitimate financial institutions. Unsuspecting users, believing they are accessing the real website, enter their login credentials directly into the hands of the attackers.
Furthermore, criminals are increasingly employing Search Engine Optimization (SEO) poisoning. This involves purchasing advertisements that mimic legitimate business ads, boosting the visibility of their phishing websites in search engine results. When users click on these fraudulent ads, they are directed to convincing, yet fake, websites designed to steal their login information.
Once access is gained, criminals quickly transfer funds to accounts they control, often linked to cryptocurrency wallets, making recovery extremely difficult. They frequently change the account password, locking the legitimate owner out of their own account.
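The takeover chain the alert describes (login with phished credentials from an unfamiliar device, password reset, then an outbound transfer to a new destination) is something a bank's fraud team can look for in its own audit trail. The following is an added detection example, not code from the FBI or this article; the event names, field names and the sample log are constructed assumptions about what such an audit trail might contain.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not from the article): one account (B2)
# shows the ATO pattern, the others show ordinary activity.
EVENTS = [
    {"ts": "2025-03-01T09:00:00", "account": "A1", "event": "login", "device": "dev-home"},
    {"ts": "2025-03-01T09:05:00", "account": "A1", "event": "transfer", "dest": "payee-rent"},
    {"ts": "2025-03-01T14:00:00", "account": "B2", "event": "login", "device": "dev-unknown-7"},
    {"ts": "2025-03-01T14:03:00", "account": "B2", "event": "password_change"},
    {"ts": "2025-03-01T14:09:00", "account": "B2", "event": "transfer", "dest": "crypto-exch-wallet-42"},
    {"ts": "2025-03-01T16:00:00", "account": "C3", "event": "login", "device": "dev-office"},
    {"ts": "2025-03-01T16:20:00", "account": "C3", "event": "password_change"},
]

# Assumed baselines: devices and payees each account has used before.
KNOWN_DEVICES = {"A1": {"dev-home"}, "B2": {"dev-phone"}, "C3": {"dev-office"}}
KNOWN_PAYEES = {"A1": {"payee-rent"}, "B2": {"payee-utility"}, "C3": set()}
WINDOW = timedelta(minutes=30)


def detect_ato(events, known_devices, known_payees, window=WINDOW):
    """Return (account, transfer_ts, dest) for every account where a login
    from an unseen device, a password change and a transfer to a never-seen
    payee all occur in that order within `window`."""
    alerts = []
    state = {}  # account -> partial chain: login_ts, pw_ts
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        acct = e["account"]
        s = state.setdefault(acct, {})
        if e["event"] == "login":
            s.clear()  # any new session resets the chain
            if e["device"] not in known_devices.get(acct, set()):
                s["login_ts"] = ts  # unfamiliar device: start a suspect chain
        elif e["event"] == "password_change" and "login_ts" in s:
            if ts - s["login_ts"] <= window:
                s["pw_ts"] = ts  # credential seizure step observed
        elif e["event"] == "transfer" and "pw_ts" in s:
            new_dest = e["dest"] not in known_payees.get(acct, set())
            if new_dest and ts - s["login_ts"] <= window:
                alerts.append((acct, e["ts"], e["dest"]))
                s.clear()
    return alerts


if __name__ == "__main__":
    for acct, when, dest in detect_ato(EVENTS, KNOWN_DEVICES, KNOWN_PAYEES):
        print(f"ATO pattern: account {acct} moved funds to new payee {dest} at {when}")
```

A password change from a recognised device with no transfer (account C3) is left alone, which keeps the rule focused on the full chain rather than on routine credential hygiene.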
Protecting Yourself from Account Takeover Fraud
Staying vigilant is crucial in preventing ATO fraud. The FBI recommends the following steps:
- Be cautious about the information you share online and on social media. Details like pet names, schools attended, birthdates, and family information can be used to guess passwords or answer security questions.
- Regularly monitor your financial accounts for any irregularities, such as missing deposits, unauthorized withdrawals, or unexpected transactions.
- Always use unique, complex passwords for each account and enable multi-factor authentication (MFA) whenever possible – and never disable it.
- Use bookmarks or favorites to access login websites, avoiding clicks on internet search results or advertisements. MFA offers limited protection if you land on a fraudulent login page.
- Carefully examine email addresses, URLs, and spelling in unsolicited communications.
- Be suspicious of unsolicited calls from unknown “banking” or “company” employees; do not trust caller ID. Verify the number independently and call back directly. Legitimate companies will not typically ask for your username, password, or OTP.
What to Do If You’ve Been a Victim of ATO Fraud
If you suspect your account has been compromised, take immediate action:
- Contact Your Financial Institution: Immediately notify your bank or financial institution to request a recall or reversal of any fraudulent transactions and obtain a Hold Harmless Letter or Letter of Indemnity.
- Reset or Revoke Compromised Credentials: Reset all passwords and credentials that may have been exposed, including user accounts, service accounts, and certificates. If you use the same password on multiple sites, change it everywhere.
- File a Complaint: Submit a detailed complaint to the FBI’s IC3 at www.ic3.gov, including all relevant banking information. Be sure to include details about the cybercriminals, such as the impersonated financial institution, name, phone number, address, and email address, as well as any websites or software involved. Use the terms “Account Takeover” or “SEO poisoning” in your incident description.
- Notify the Impersonated Company: Inform the company that was impersonated about the methods used by the criminals. This allows them to warn others and potentially take down phishing pages.
- Stay Informed: Visit www.ic3.gov for updated Industry Alerts and Public Service Announcements regarding ATO trends and other cyber-enabled fraud schemes.
