- The FBI warns that attackers can steal credentials using phishing scams and quickly take over financial accounts.
- Holiday domains lure users into fraudulent schemes designed to collect sensitive information.
- Mobile phishing campaigns use trusted names to trigger clicks and downloads.
The FBI reported that in 2025, cybercriminals stole more than $262 million from U.S. targets through account takeover schemes, all targeting individuals, businesses and organizations across multiple sectors.
The FBI has received more than 5,100 complaints related to these incidents, typically involving criminals gaining unauthorized access to financial accounts, payroll systems or healthcare savings accounts.
Social engineering techniques such as phishing emails, scam calls and text messages are commonly used to manipulate victims into revealing login details, and once access is gained, attackers can reset passwords, take control of accounts and transfer funds to accounts they control, often converting the money into cryptocurrency to cover their trail.
Phishing and fraud using artificial intelligence
“The cybercriminal manipulates the account owner into giving up their login credentials, including a multi-factor authentication (MFA) code or one-time password (OTP), by impersonating a financial institution, customer service, or technical support employee,” the FBI said.
“The cybercriminal then uses the login credentials to the legitimate financial institution website and initiates a password reset, ultimately gaining full control of the accounts.”
Cybersecurity companies are reporting an increase in the use of AI to create convincing phishing campaigns, fake websites and social media ads. According to Fortinet FortiGuard Labs, more than 750 holiday-themed malicious domains have been detected in recent months, with campaigns often targeting users with urgent messages tied to events such as Black Friday. or Christmas, increasing the likelihood of credential theft.
Low-skilled attackers can now use highly convincing scams that imitate popular brands such as Amazon and Collection.
“By openly sharing information such as the name of a pet, the schools you attended, your date of birth, or information about your family members, you can give scammers the information they need to guess your password or answer your security questions,” the FBI said.
Mobile phishing has also increased, with attackers using trusted brands to trick users into clicking links or downloading malicious updates.
Purchase fraud is becoming a major threat, with fake e-commerce stores collecting victims' payment details and allowing fraudulent transactions for items that don't exist.
Attackers continue to exploit vulnerabilities on common platforms, including AdobeOracle E-Business Suite, WooCommerce and Magento.
Some attacks involve multi-stage funnels that use traffic distribution systems to identify the most vulnerable targets before redirecting them to the final fraudulent sites.
These transactions provide immediate financial benefits as victims authorize the payments themselves, and some campaigns even attempt sequential fraudulent transactions to maximize the value of the stolen card.
Cybercriminals often advertise stolen payment cards on darknet marketplaces, funding further campaigns to compromise additional accounts.
The FBI has issued several recommendations to the public to protect themselves from these attacks:
How to Stay Safe
- Limit the personal information shared online
- Monitor financial accounts for unusual activity
- Use unique, strong passwords for all accounts.
- Check URLs before entering websites
- Be wary of unsolicited messages or calls purporting to be from financial institutions.
- Deploy antivirus software to protect devices from malware
- Give opportunity firewalls to block unauthorized access
- Use identity theft protection to track personal information
- Recognize that sophisticated phishing campaigns and AI attacks remain a threat.
- Effectiveness depends on consistent implementation across all devices and networks.
By using Hacker news
Follow TechRadar on Google News. And add us as your preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the “Subscribe” button!
And of course you can also Follow TechRadar on TikTok for news, reviews, unboxing videos and get regular updates from us on whatsapp too much.
