Current Cyber Threats

Cybercriminals Stole $262M by Impersonating Bank Support Teams

Summary:
A new advisory from the FBI warns of cyber criminals impersonating financial institutions to conduct account takeover (ATO) fraud. Since January 2025, the FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints reporting ATO fraud, with reported losses exceeding 262 million dollars. These schemes involve gaining unauthorized access to online bank, payroll, or health savings accounts via social engineering techniques such as texts, calls, and emails, and through fraudulent websites. Once in control of these accounts, the fraudsters quickly wire funds to other attacker-controlled accounts. Many of these accounts are linked to cryptocurrency wallets, enabling the actors to move the funds through various wallets, which makes tracing and recovery efforts difficult.

Security Officer Comments:
According to the FBI, actors manipulate account owners into giving up their login credentials, including an MFA code or one-time passcode, by impersonating a financial institution employee, customer support rep, or technical support personnel. These credentials are then used to initiate password resets on legitimate financial institution websites, enabling full account takeover.

In cases submitted to the IC3, criminals have contacted victims and claimed that their information was used for fraudulent transactions or even firearm purchases, in order to trick the victim into visiting a phishing website or providing sensitive information to a second criminal impersonating law enforcement.

The phishing websites employed in these attacks are designed to look like legitimate financial institution or payroll websites. In these cases, the actors may use search engine optimization (SEO) poisoning to promote these fraudulent websites to the top of search results by purchasing ads.

Suggested Corrections:
Tips from the FBI:
  • Be careful about the information you share online or on social media.
    • By openly sharing information like a pet's name, schools you have attended, your date of birth, or information about your family members, you may give scammers the information they need to guess your password or answer your security questions.
  • Monitor your financial accounts on a regular basis.
    • Watch for irregularities, such as missing deposits or unauthorized withdrawals, wire transfers, or expenditures.
  • Always use unique, complex passwords.
    • Enable two-factor authentication or MFA on any account possible. Never disable it.
  • Use Bookmarks or Favorites for navigating to login websites.
    • Avoid clicking on Internet search results or advertisements. MFA will not protect you if you land on a fraudulent login page. Carefully examine any email address, URL, or spelling in unsolicited correspondence.
  • Stay vigilant against phishing attempts.
    • Be suspicious of unknown "banking" or "company" employees who call you; don't trust caller ID. Hang up, verify the correct number, and call it yourself. Companies generally do not contact you to ask for your username, password, or OTP.
Link(s):
https://www.bleepingcomputer.com/ne...personating-bank-support-teams-since-january/