Overview
- The FBI says more than 5,100 complaints since January detail account takeover schemes targeting bank, payroll and health savings accounts.
- Attackers pose as bank staff via texts, calls or emails to elicit credentials, including multi-factor authentication codes or one-time passcodes.
- Phishing sites that mimic legitimate portals capture logins, with search ads and SEO poisoning pushing fake pages to the top of results.
- Once inside, criminals rapidly wire funds to accounts tied to cryptocurrency wallets and often reset passwords to lock out the owner.
- The Bureau urges unique passwords, MFA, bookmarked logins, immediate recall requests and Hold Harmless letters, plus detailed reports to IC3.gov, while researchers flag AI-crafted lures, hundreds of holiday-themed domains and a fourfold rise in mobile phishing.