FBI IC3 public warning on account takeover fraud
Public Sector Action
Summary
Hide ▲
Show ▼
The FBI issued an IC3 public service announcement warning that account takeover (ATO) fraud has caused over $262 million in reported losses since January 2025. The warning says criminals are impersonating financial institutions to steal credentials from bank, payroll, and health savings accounts across all industry sectors. It also urges users to use multi-factor authentication, unique passwords, and bookmarks for banking sites to reduce takeover risk.
Related Happenings
Operation Atlantic approval-phishing takedown
Law Enforcement
First: 13.04.2026 11:00
Last: 13.04.2026 11:00
Sources 1
About this happening:
A **UK-led** cross-border operation carried out a **takedown** of **approval phishing** crypto fraud networks, freezing **$12m** and identifying **more than 20,000 victims**. The...
Operation Atlantic approval-phishing takedown
Law EnforcementAbout this happening: A **UK-led** cross-border operation carried out a **takedown** of **approval phishing** crypto fraud networks, freezing **$12m** and identifying **more than 20,000 victims**. The...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Microsoft AiTM payroll pirate attack mitigation
Advisory/MitigationAbout this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
First: 21.03.2026 15:17
Last: 21.03.2026 15:17
Sources 1
About this happening:
A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive GuidanceAbout this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
FBI public warning on Signal and WhatsApp phishing
Public Sector Action
First: 20.03.2026 22:45
Last: 20.03.2026 22:45
Sources 1
About this happening:
The **FBI** issued a **public service announcement** warning that **Signal** and **WhatsApp** users are being targeted in **phishing campaigns**. The warning says the activity has...
FBI public warning on Signal and WhatsApp phishing
Public Sector ActionAbout this happening: The **FBI** issued a **public service announcement** warning that **Signal** and **WhatsApp** users are being targeted in **phishing campaigns**. The warning says the activity has...
ShinyHunters voice-phishing campaign targeting SSO accounts for extortion
Campaign
First: 24.01.2026 01:35
Last: 24.01.2026 01:35
Sources 1
About this happening:
A **ShinyHunters**-linked extortion campaign is using **voice phishing** to target **Salesforce customers** and steal data for ransom, with the operation first surfacing in **May...
ShinyHunters voice-phishing campaign targeting SSO accounts for extortion
CampaignAbout this happening: A **ShinyHunters**-linked extortion campaign is using **voice phishing** to target **Salesforce customers** and steal data for ransom, with the operation first surfacing in **May...
Latest development: 27.04.2026 17:43
ShinyHunters breached ADT after compromising an employee's Okta single sign-on (SSO) account in a vishing attack, then used that access to reach ADT's Salesforce instance and steal data. Have I Been Pwned said the exposed data affected 5.5 million people and included names, phone numbers, addresses, and in a small percentage of cases dates of birth and partial Social Security numbers or Tax IDs; the group later leaked an 11GB archive after extortion failed.
Timeline
-
25.11.2025 19:23 2 articles · 6mo ago
FBI warns of account takeover fraud and credential theft
Initial DisclosureThe FBI issued an IC3 public warning about a surge in account takeover (ATO) fraud in which cybercriminals impersonate financial institutions and support staff through texts, calls, emails, phishing sites, and SEO poisoning to steal credentials for online bank, payroll, and health savings accounts. The agency said the schemes have driven over $262 million in stolen funds and more than 5,100 complaints since January 2025, and it advised monitoring financial accounts, using unique passwords, enabling multi-factor authentication, and opening banking websites through bookmarks rather than search results.
Show sources
- FBI: Cybercriminals stole $262M by impersonating bank support teams — www.bleepingcomputer.com — 25.11.2025 19:23
- FBI Warns of $262M Losses from Account Takeover Fraud in 2025 — www.infosecurity-magazine.com — 26.11.2025 16:15