FBI Warns Bank Impersonators Drove $262 Million in Account Takeover Losses in 2025

Overview

• The FBI’s Internet Crime Complaint Center reports more than 5,100 ATO complaints since January 2025 affecting individuals, businesses, and organizations across sectors.
• Criminals pose as bank staff via calls, texts, or emails to coax credentials and MFA or one-time passcodes, then reset passwords to lock out account owners.
• Phishing sites that mimic bank, payroll, or health-savings portals are boosted into search results using malicious ads and SEO poisoning to capture logins.
• Some schemes escalate with a second impostor posing as law enforcement, including false claims of fraudulent purchases such as firearms to extract more data.
• Once accounts are compromised, funds are rapidly wired to criminal-controlled accounts tied to cryptocurrency wallets, complicating tracing and recovery; the FBI advises strong unique passwords, MFA, bookmarking official sites, recalls or Hold Harmless Letters, and notifying impersonated companies for takedowns.