- FBI warns attackers can steal credentials through phishing tricks and quickly take over financial accounts
- Holiday-themed domains lure users into scams designed to capture sensitive information
- Mobile phishing campaigns use trusted names to trigger clicks and downloads
The FBI has reported that cybercriminals have stolen more than $262 million from US targets through account takeover schemes in 2025 so far, with individuals, businesses and organizations across multiple sectors all targeted.
Over 5,100 complaints related to these incidents have been received by the FBI, typically involving criminals gaining unauthorized access to financial accounts, payroll systems or health savings accounts.
Social engineering techniques such as phishing emails, fraudulent calls and texts are commonly used to manipulate victims into revealing login information, and once access is gained, attackers can reset passwords, take control of accounts and transfer money to accounts they control, often converting the money to cryptocurrency to hide their tracks.
AI-enhanced phishing and holiday scams
“A cybercriminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support or technical support staff,” the FBI said.
“The cybercriminal then uses login credentials to log into the legitimate financial institution’s website and initiate a password reset, ultimately gaining full control of the accounts.”
Cybersecurity companies have reported the increasing use of artificial intelligence to create convincing phishing campaigns, fake websites and social media ads, with Fortinet FortiGuard Labs reporting that it has detected over 750 holiday-themed malicious domains in recent months, with campaigns often targeting users with urgent messages such as
Low-skill attackers can now deploy highly convincing scams impersonating popular brands such as Amazon and Temu.
“By openly sharing information like a pet’s name, schools you attended, your date of birth or information about your family members, you can give fraudsters the information they need to guess your password or answer your security questions,” the FBI said.
Mobile phishing has also increased, with attackers leveraging trusted brand names to trick users into clicking links or downloading malicious updates.
Purchase fraud is emerging as a significant threat, with fake e-commerce stores capturing victim payment data and authorizing fraudulent transactions for items that don’t exist.
Threat actors continue to exploit vulnerabilities in common platforms, including Adobe, Oracle E-Business Suite, WooCommerce and Magento.
Some attacks involve multi-stage funnels that use traffic distribution systems to determine the most vulnerable targets before redirecting them to final fraud pages.
These operations allow for immediate financial gain because victims themselves authorize the payments, and some campaigns even attempt sequential fraudulent transactions to maximize stolen card value.
Cybercriminals often advertise stolen payment cards on dark web marketplaces and fund additional campaigns that compromise additional accounts.
The FBI has issued some recommendations for the public to stay safe from these attacks:
How to stay safe
- Limit personal information shared online
- Monitor financial accounts for unusual activity
- Use unique, complex passwords for all accounts
- Verify URLs before logging into websites
- Be wary of unsolicited messages or calls claiming to be from financial institutions
- Deploy antivirus software to protect devices from malware
- Enable firewalls to block unauthorized access
- Use identity theft protection to monitor personal information
- Recognize that sophisticated phishing campaigns and AI-powered attacks still pose a risk
- Efficiency depends on consistent deployment across devices and networks
Via Hacker News
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
