Overview
- Criminals impersonate bank staff or spoof official websites to steal credentials, capture one-time or MFA codes, and seize control of accounts.
- Victims include both consumers and organizations, with payroll and savings accounts cited as frequent targets.
- Once inside, attackers often transfer funds to accounts tied to cryptocurrency wallets, making tracing and recovery difficult.
- Authorities and security experts urge frequent account monitoring, strong unique passwords, two-step authentication, direct verification of unexpected contacts, and shopping only on verified sites and secure connections.
- Banks report stepped-up cybersecurity investment and the EU has moved to reinforce PSD2 rules that can hold payment providers liable when anti-fraud controls fall short, as seasonal fraud risks rise across markets.