- FBI warns attackers can steal credentials through phishing methods and rapidly take over financial accounts
- Holiday-themed domains lure users into scams designed to capture sensitive data
- Mobile phishing campaigns use trusted names to trigger clicks and downloads
The FBI has reported cybercriminals have stolen more than $262 million from US targets through account takeover schemes in 2025 to date, with individuals, businesses, and organizations across multiple sectors all targeted.
Over 5,100 complaints related to these incidents have been received by the FBI, sometimes involving criminals gaining unauthorized access to financial accounts, payroll systems, or health savings accounts.
Social engineering techniques such as phishing emails, fraudulent calls, and texts are commonly used to manipulate victims into revealing login details, and once access is obtained, attackers can reset passwords, take control of accounts, and wire funds to accounts they control, often converting the money into cryptocurrency to obscure the trail.
AI-enhanced phishing and holiday scams
“A cybercriminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel,” the FBI said.
“The cybercriminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts.”
Cybersecurity companies have reported the rising use of AI to create convincing phishing campaigns, fake websites, and social media ads. Fortinet FortiGuard Labs reports detecting over 750 malicious, holiday-themed domains in recent months, with campaigns often targeting users with urgency-driven messages tied to events like Black Friday or Christmas, increasing the risk of credential theft.
Low-skill attackers can now deploy highly persuasive scams that mimic popular brands such as Amazon and Temu.
“By openly sharing information like a pet’s name, schools you may have attended, your date of birth, or information about your family members, you might give scammers the information they need to guess your password or answer your security questions,” the FBI said.
Mobile phishing has also increased, with attackers exploiting trusted brand names to trick users into clicking links or downloading malicious updates.
Purchase scams are emerging as a major threat, with fake e-commerce stores capturing victim payment data and authorising fraudulent transactions for goods that don’t exist.
Threat actors continue to exploit vulnerabilities in widely used platforms, including Adobe, Oracle E-Business Suite, WooCommerce, and Magento.
Some attacks involve multi-stage funnels that use traffic distribution systems to identify the most vulnerable targets before redirecting them to final scam sites.
These operations allow immediate financial gain because victims themselves authorize the payments, with certain campaigns even attempting sequential fraudulent transactions to maximize stolen card value.
Cybercriminals typically sell stolen payment cards on dark web marketplaces, funding further campaigns that compromise more accounts.
The FBI has issued some recommendations for the public to stay protected from these attacks:
How to stay safe
- Limit personal information shared online
- Monitor financial accounts for unusual activity
- Use unique, complex passwords for all accounts
- Verify URLs before logging into websites
- Be cautious of unsolicited messages or calls claiming to be from financial institutions
- Deploy antivirus software to protect devices from malware
- Enable firewalls to block unauthorized access
- Use identity theft protection to monitor personal information
- Recognize that sophisticated phishing campaigns and AI-driven attacks still pose risks
- Effectiveness depends on consistent implementation across devices and networks
Via The Hacker News


