FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
Briefly

"The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeover (ATO) fraud schemes. The activity targets individuals, businesses, and organizations of varied sizes and across sectors, the agency said, adding the fraudulent schemes have led to more than $262 million in losses since the start of the year. The FBI said it has received over 5,100 complaints."
"ATO fraud typically refers to attacks that enable threat actors to obtain unauthorized access to an online financial institution, payroll system, or health savings account to siphon data and funds for personal gain. The access is often obtained by approaching targets through social engineering techniques, such as texts, calls, and emails that prey on users' fears, or via bogus websites. These methods make it possible for attackers to deceive users into providing their login credentials on a phishing site, in some instances, urging them to click on a link to report purported fraudulent transactions recorded against their accounts."
"'A cybercriminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel,' the FBI said. 'The cybercriminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts.'"
Cybercriminals impersonate financial institutions to steal money or sensitive information and facilitate account takeover (ATO) fraud. The activity targets individuals, businesses, and organizations of varied sizes across sectors. Fraudulent schemes have resulted in more than $262 million in losses since the start of the year and over 5,100 complaints have been reported. ATO fraud enables threat actors to obtain unauthorized access to online financial, payroll, or health savings accounts to siphon data and funds. Attackers commonly use social engineering—texts, calls, emails, and bogus websites—to trick victims into providing login credentials and MFA/OTP codes, then use those credentials to reset passwords and gain full account control.
Read at The Hacker News