FBI: Scammers Are Posing as Your Bank – Here’s How to Protect Your Account

Filip TRUȚĂ

November 26, 2025


The FBI’s Internet Crime Complaint Center (IC3) is warning citizens that cybercriminals are impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes.

Since the start of the year, the bureau has logged over 5,100 complaints of ATO fraud, with reported losses exceeding USD 262 million.

In these schemes, attackers impersonate employees of legitimate financial institutions or support services. Through fraudulent calls, text messages, phishing emails, or fake websites, they trick victims into giving up login credentials, one-time passwords (OTPs), or even multi-factor authentication codes. Once armed with those, criminals log in to real accounts and drain funds, often routing them through other bank accounts or cryptocurrency wallets to hide their tracks.

Cybercriminals may also use SEO poisoning: they purchase ads that imitate legitimate business ads, which boosts the prominence of their phishing websites and makes them look more authentic to customers who use a search engine to locate the business's website.

“When users click on the fraudulent search engine ad, they are directed to a sophisticated fraudulent phishing site that mimics the real website, tricking users into providing their login information,” according to the notice.

The FBI warns that such social engineering attacks – “phishing by phone, email or SMS, and fake websites” – are the top vector for ATO fraud. Victims are often prompted to act fast, told their account shows “suspicious activity,” or asked to “verify” or “secure” their account. The result: total hijacking of financial accounts, loss of money, and significant emotional and financial damage.

A global trend

The FBI’s alert comes against a backdrop of worrying global trends outlined in the Bitdefender 2025 Consumer Cybersecurity Survey.

The survey, with more than 7,000 respondents in several countries, shows:

  • 1 in 7 consumers (~14%) reported falling victim to a scam in the past year.
  • The most common scams encountered are delivery, shipping and mail fraud (21%) followed by credential phishing and account takeover (19%) – the type the FBI highlights.
  • The channels criminals use reflect the behavior of modern users: social media has overtaken email as the primary vector, and 25% of scams now happen over the phone.
  • Despite widespread fear of financial loss (53% cite it as their top cybersecurity concern), many people continue risky habits like accepting cookie prompts without review, or refusing to run a security solution on their device.

In short: the conditions that allow ATO – credential theft, phishing, social engineering, weak password hygiene, and clicking on things without review – are deeply rooted in how people behave online.

Convenience culture

The combination of rising ATO fraud and risky consumer behavior is particularly dangerous. Scammers know that many users rely heavily on their phones and mobile banking, and use weak credentials for multiple accounts, all while lacking basic protections like password managers or dedicated security apps.

This makes impersonation schemes especially effective. A convincing call or text from “your bank’s support” – claiming suspicious activity and urging immediate verification – can lure victims into giving up OTPs or passwords. Once the attackers have access, the damage is often swift and irrecoverable.

For consumers, the result is painful: financial loss, compromised privacy, and a sense of betrayal – especially when they believe they were dealing with a legitimate institution.

How to combat account takeover (ATO) fraud

Based on the FBI alert and our survey insights, here are some immediate steps you can take to protect yourself:

  • Use strong, unique passwords – and a password manager. Avoid writing passwords down or reusing them across accounts.
  • Don’t overshare online. Scammers scrape details about you from your online interactions to better target you. Our survey shows that younger users, who post and share the most on social media, are twice as likely to be scammed as older generations.
  • Enable multi-factor authentication (MFA) on every account that supports it; but never trust MFA or OTP requests that come out of the blue – especially via unsolicited calls or messages.
  • Be wary of unsolicited calls, texts or emails from ‘support’ or ‘customer service.’ If asked for credentials or financial information, hang up and call the number on the official website.
  • Avoid logging in via links from search engines or ads. Bookmark your bank or institution’s official website, and always double-check URLs for typos or inconsistencies.
  • Monitor your accounts regularly. Look out for unauthorized transactions, changes in account settings or unfamiliar withdrawals; catch suspicious activity early.
  • Deploy an independent security solution. Use an independent security tool capable of sniffing out attacks on your digital life.
  • Use a scam-detection tool. If you're ever suspicious of a certain phone call, email or text, consider using Scamio, our clever chatbot designed specifically to combat socially-engineered attacks on your finances, security, and privacy.
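
To make the advice about bookmarking official sites and double-checking URLs concrete, here is an added example (not from the FBI notice or from Bitdefender) that compares a link's hostname against a list of bookmarked domains and flags typo-style lookalikes. The domain `examplebank.com`, the allowlist and the sample URLs are constructed for illustration, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains you bookmarked from official sources.
# "examplebank.com" is a hypothetical bank used only for illustration.
TRUSTED = {"examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance; small values indicate a typo-style lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return 'trusted', 'unknown', or 'suspicious: <reason>' for a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious: no hostname"
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted" if parts.scheme == "https" else "suspicious: not HTTPS"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized hostname (possible homoglyphs)"
    # Assumption: the registrable domain is the last two labels. Real code
    # should consult the Public Suffix List (e.g. for "example.co.uk").
    registrable = ".".join(labels[-2:])
    for t in TRUSTED:
        if 0 < edit_distance(registrable, t) <= 2:
            return f"suspicious: near-miss spelling of {t}"
        if t.split(".")[0] in host:
            return f"suspicious: {t} name embedded in another domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a text message or ad.
    for u in ["https://examplebank.com/login",
              "https://examp1ebank.com/login",
              "https://examplebank.com.secure-login.net/verify"]:
        print(u, "->", check_url(u))
```
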

Remember, knowledge is your first line of defense. Stay alert and adopt safe digital habits – it often makes all the difference.

Author


Filip TRUȚĂ

Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.
