FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI...
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with the aim of stealing money or sensitive information to facilitate account takeover (ATO) fraud schemes.
The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more than $262 million in losses since the start of the year. The FBI said it has received over 5,100 complaints.
ATO fraud typically refers to attacks that enable threat actors to obtain unauthorized access to an online financial institution, payroll system, or health savings account to siphon data and funds for personal gain. The access is often obtained by approaching targets through social engineering techniques, such as texts, calls, and emails that prey on users' fears, or via bogus websites.
These methods let attackers deceive users into entering their login credentials on a phishing site, in some instances by urging them to click on a link to report purported fraudulent transactions recorded against their accounts.
"A cybercriminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel," the FBI said.
"The cybercriminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts."
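The sequence in the FBI's description (a login with the victim's credentials, then a password reset) can be correlated in account event logs, here extended with an outbound wire transfer as a third step. This is an added detection sketch, not code from the FBI or the article; the event names, device IDs, sample events and 30-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): time, account, event, device.
EVENTS = [
    ("2025-01-10T09:00:00", "acct-1", "login", "dev-A"),
    ("2025-01-11T08:00:00", "acct-2", "login", "dev-B"),
    ("2025-01-12T14:00:00", "acct-1", "login", "dev-Z"),           # unseen device
    ("2025-01-12T14:03:00", "acct-1", "password_reset", "dev-Z"),
    ("2025-01-12T14:09:00", "acct-1", "wire_transfer", "dev-Z"),
    ("2025-01-13T08:00:00", "acct-2", "login", "dev-B"),           # known device
    ("2025-01-13T08:05:00", "acct-2", "password_reset", "dev-B"),
]

def detect_ato(events, window=timedelta(minutes=30)):
    """Flag a password reset (and any later wire transfer) that follows a
    login from a device the account has not used before, within `window`."""
    known = {}    # account -> devices accepted as the owner's
    suspect = {}  # account -> (device, login time, follow-up events seen)
    alerts = []
    for ts, acct, kind, dev in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        seen = known.setdefault(acct, set())
        if kind == "login":
            if not seen:
                seen.add(dev)  # assumption: the first device seeds the baseline
            elif dev not in seen:
                # Not promoted to "known"; a real system would require
                # step-up verification before trusting the device.
                suspect[acct] = (dev, t, [])
            continue
        if acct not in suspect:
            continue
        s_dev, s_time, steps = suspect[acct]
        if dev != s_dev or t - s_time > window:
            continue
        steps.append(kind)
        if kind == "password_reset":
            alerts.append((acct, "medium", ts))
        elif kind == "wire_transfer" and "password_reset" in steps:
            alerts.append((acct, "high", ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_ato(EVENTS):
        print(alert)
```
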
Other cases involve threat actors masquerading as financial institutions contacting account owners, claiming their information was used to make fraudulent purchases, including firearms, and then convincing them to provide their account information to a second cybercriminal impersonating law enforcement.
The FBI said ATO fraud can also involve the use of Search Engine Optimization (SEO) poisoning to trick users looking for businesses on search engines into clicking on phony links that redirect to a lookalike site by means of malicious search engine ads.
Regardless of the method used, the attacks have one aim: to seize control of the accounts, swiftly wire funds to other accounts under the attackers' control, and change the passwords, effectively locking out the account owner. The accounts to which the money is transferred are further linked to cryptocurrency wallets to convert them int
Source: The Hacker News