- FBI warns that attackers can steal credentials through phishing tricks and quickly take over financial accounts
- Christmas-themed domains lure users into scams designed to capture sensitive information
- Mobile phishing campaigns use trusted names to generate clicks and downloads
The FBI has reported that cybercriminals have so far stolen more than $262 million from U.S. targets through account takeover schemes in 2025, targeting individuals, businesses, and organizations across multiple sectors.
The FBI has received more than 5,100 complaints related to these incidents, which typically involve criminals gaining unauthorized access to financial accounts, payroll systems, or health savings accounts.
Social engineering techniques such as phishing emails, scam calls, and text messages are commonly used to manipulate victims into revealing login details, and once access is gained, attackers can reset passwords, take control of accounts, and transfer funds to accounts they control, often converting the money into cryptocurrency to hide their tracks.
AI-Enhanced Holiday and Phishing Scams
“A cybercriminal manipulates the account owner into providing their login credentials, including the multi-factor authentication (MFA) code or one-time access code (OTP), by posing as a financial institution employee, customer service staff, or technical support staff,” the FBI said.
“The cybercriminal then uses the login credentials to log into the financial institution’s legitimate website and initiate a password reset, ultimately gaining full control of the accounts.”
Cybersecurity companies have reported the increasing use of AI to create convincing phishing campaigns, fake websites, and social media ads. Fortinet FortiGuard Labs reported detecting more than 750 malicious Christmas-themed domains in recent months, with campaigns often targeting users with urgent messages tied to events such as Black Friday or Christmas, increasing the likelihood of credential theft.
Low-skilled attackers can now deploy highly persuasive scams that imitate popular brands like Amazon and Temu.
“By openly sharing information such as a pet’s name, the schools you have attended, your date of birth, or information about your family members, you can give scammers the information they need to guess your password or answer their security questions,” the FBI said.
Mobile phishing has also increased, with attackers exploiting trusted brands to trick users into clicking on links or downloading malicious updates.
Shopping scams are emerging as a major threat, with fake e-commerce stores capturing victims’ payment data and authorizing fraudulent transactions for goods that do not exist.
Threat actors continue to exploit vulnerabilities in common platforms, including Adobe, Oracle E-Business Suite, WooCommerce, and Magento.
Some attacks involve multi-stage funnels that use traffic distribution systems to determine the most vulnerable targets before redirecting them to the final fraudulent sites.
These operations allow for immediate financial gains because the victims themselves authorize the payments, and certain campaigns even attempt sequential fraudulent transactions to maximize the value of the stolen cards.
Cybercriminals often advertise stolen payment cards on dark web marketplaces, funding further campaigns that compromise additional accounts.
The FBI has issued some recommendations for the public to stay safe from these attacks:
How to stay safe
- Limit personal information shared online
- Monitor financial accounts for unusual activity.
- Use unique and complex passwords for all accounts
- Check URLs before logging into websites
- Be wary of unsolicited messages or calls claiming to be from financial institutions.
- Deploy antivirus software to protect devices from malware
- Enable firewalls to block unauthorized access
- Use identity theft protection to monitor personal information
- Recognize that sophisticated phishing campaigns and AI-powered attacks still pose risks
- Effectiveness depends on consistent deployment across devices and networks.
Through Hacker News
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
