FBI Reports $262 Million Lost To Account Takeover Fraud In 2025

Attackers impersonated financial institution support teams to steal more than 5,100 victims’ credentials

Published on Nov 26, 2025

More than USD 262 million was stolen through account takeover fraud in 2025, according to a new US FBI alert published on Nov 25, 2025.

The agency said the Internet Crime Complaint Center (IC3) logged over 5,100 complaints since January. This, the FBI warned, highlights the scale and persistence of impersonation-driven attacks targeting banking, payroll, and health savings accounts.

According to the advisory, cybercriminals routinely posed as financial institution employees, support agents, or fraud investigators to pressure victims into handing over login credentials and Multi-Factor Authentication (MFA) codes.

Once inside an account, attackers reset passwords, locked out legitimate users, and quickly moved funds to criminal-controlled accounts (many tied to cryptocurrency wallets, which made recovery difficult).

Some schemes escalated further. The FBI noted cases in which criminals falsely claimed that fraudulent purchases, including firearms, had been made with the victim’s information. Attackers then introduced a second impersonator posing as law enforcement to extract additional data.

Phishing Sites And Search Ads Drove Credential Harvesting

Alongside direct outreach, criminals built convincing phishing websites designed to look identical to legitimate banking and payroll portals.

Many were promoted via SEO poisoning, a tactic in which attackers purchased fake search ads that appeared above or alongside real institution links. These links led to fraudulent login pages where victims would unknowingly submit their credentials.

The FBI advised individuals and organizations to improve their defenses by bookmarking legitimate login pages rather than using search results or ads. Victims are also urged to contact their financial institution immediately, request a transaction recall, reset exposed credentials, and submit a complaint with IC3. Organizations impersonated in these scams are encouraged to report incidents so that malicious domains can be removed quickly.