Bank Support Team Impersonators Swindle $262M in Cybercrime Heist

The Federal Bureau of Investigation (FBI) has issued a stark alert regarding a significant increase in account takeover (ATO) fraud schemes. Cybercriminals, posing as financial institutions, have successfully executed ATO attacks, resulting in the theft of more than $262 million since the beginning of this year.

From January 2025 onwards, the FBI’s Internet Crime Complaint Center (IC3) has documented over 5,100 complaints related to these attacks, affecting individuals, businesses, and organizations across various industries.

In these fraudulent activities, criminals unlawfully access online bank, payroll, or health savings accounts by employing diverse social engineering tactics or deceptive websites, as outlined by the FBI.

Once they have gained control, these perpetrators transfer funds to cryptocurrency wallets, complicating the retrieval process significantly. They often change account passwords, barring legitimate owners from accessing their accounts.

According to a public service announcement from the IC3, “Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover.”

The FBI advises individuals to monitor their financial accounts diligently, use complex and unique passwords, enable multi-factor authentication, and directly visit banking websites through bookmarks rather than search results.

Victims are encouraged to promptly contact their financial institution to request a recall and obtain Hold Harmless Letters/indemnification documents, which could mitigate losses. Additionally, the FBI suggests filing detailed complaints at ic3.gov, including information about criminal financial accounts and impersonated companies.

Deceptive Practices and Law Enforcement Impersonation

Fraudsters commonly masquerade as bank personnel or customer support representatives through various means such as texts, calls, or emails to coerce potential victims into divulging login credentials, including multi-factor authentication (MFA) or One-Time Passcode (OTP) codes.

Subsequently, the stolen credentials are utilized to access the financial institution’s website and initiate a password reset, granting the perpetrators control over the victims’ accounts.

Reports from victims indicate that some criminals have falsely alleged that the victims’ information was utilized in fraudulent activities or firearm purchases to deceive victims into visiting phishing websites or divulging sensitive information to a second criminal impersonating law enforcement.

These phishing websites are meticulously crafted to resemble legitimate financial or payroll platforms. In some instances, attackers leverage search engine optimization (SEO) tactics to elevate their fraudulent websites in search results through ads.

In a separate warning, the FBI highlighted that cybercriminals are also mimicking the Internet Crime Complaint Center (IC3) website in financial scams or for the purpose of extracting personal information from their targets.