When it comes to your money, peace of mind matters. That’s why we want to make sure you’re aware of a new warning from the FBI about a surge in Account Takeover (ATO) fraud — a growing scam where criminals pretend to be your financial institution to get access to your accounts.
Since January 2025, more than 5,100 people have reported ATO fraud, with losses topping $262 million. But with the right habits and a little extra caution, you can protect yourself.
Let’s break it down in simple terms, so you know what to look for — and what to do.
What Is Account Takeover Fraud?
ATO fraud happens when a criminal gains access to your online banking, payroll, or savings accounts and takes control.
They do this by pretending to be someone you trust — usually your bank or credit union — and tricking you into sharing sensitive information.
Once they’re in, they often:
- Change your password
- Lock you out
- Transfer money quickly, often to crypto-linked accounts
- Make it very difficult to recover the stolen funds
How Criminals Pull It Off
1. Social Engineering (The “We’re Calling From Your Bank” Trick)
Fraudsters may call, text, or email you pretending to be:
- A customer service rep
- A fraud department employee
- A technical support specialist
They might say things like:
- “We detected a fraudulent purchase.”
- “We need to verify your account.”
- “We’re sending a code to your phone—read it back to me.”
⚠️ Red flag: They ask for your password, PIN, or MFA/OTP code.
No legitimate financial institution will ever do that. Some scammers even involve a second impersonator claiming to be “law enforcement” to add pressure.
2. Fake Login Pages & SEO Poisoning
Scammers also build websites that look exactly like a real credit union login page.
These fake pages often appear:
- In Google search ads
- At the top of search results
- Linked from emails or texts
If you enter your username and password there, scammers instantly receive them and take over your account.
How to Protect Yourself
Think of these as your everyday “digital seatbelts”:
✔ Use strong, unique passwords
Avoid using the same password across multiple accounts.
✔ Turn on Multi-Factor Authentication (MFA)
And never share an OTP/MFA code with anyone — ever.
✔ Use bookmarks to access your online banking
Avoid clicking search results or ads for login pages.
✔ Be cautious with unsolicited calls, emails, or texts
If someone reaches out claiming to be from your financial institution:
- Hang up
- Look up the official number
- Call back directly
✔ Monitor your accounts regularly
Check for unusual activity like missing deposits, wire transfers, or withdrawals.
✔ Think twice before oversharing online
Social media clues like pet names or birthdays can help scammers guess security answers.
What To Do If You Think a Scammer Got In
If something feels off, act fast — timing matters.
1. Contact your financial institution immediately
Ask for:
- A recall or reversal of any fraudulent transfer
- A Hold Harmless or Letter of Indemnity
- Guidance on next steps
Especially if you reuse passwords across accounts.
3. File a report with the FBI IC3
www.ic3.gov
Include as many details as possible.
4. Notify the company that was impersonated
This helps protect others.
Staying Ahead of Scammers
Fraudsters evolve — but so do protections. We’re committed to helping you stay informed, aware, and in control of your financial safety.
Visit ic3.gov any time for the latest FBI alerts and fraud prevention resources.
And remember: If something feels off, it’s always okay to pause and verify. We’re here to help.
