FBI: Financial Account Takeovers Becoming More Common as Bank Staff Impersonation Becomes Easier
December 1, 2025
A recent FBI warning serves as another indication of how the field of phishing is expanding as it is made more accessible with modern tools. The Internet Crime Complaint Center (IC3) is reporting a major spike in financial account takeovers in 2025, with the attackers commonly posing as either bank staff or law enforcement (or both) to gain the trust of victims.
The spike is very likely fueled by AI tools that have made it trivial to communicate in a polished way in foreign languages, copy the communication style and websites of legitimate companies, and quickly dig up public information about targets. The underground market is busy removing even this modest level of work, packing up beginner-oriented phishing kits that come with most of this work done already.
Account takeovers can start with direct messaging or search ad poisoning
The account takeovers come in a variety of forms, including at times spoofing the IC3’s own incident reporting site. In addition to impersonating bank staff, the attackers sometimes pay for legitimate search engine ads that target people searching for the financial institution’s URL.
The overall goal is usually to get people to phishing pages that may look identical to the real thing, and to capture login information and any MFA codes that might be in use. While this approach requires some finesse, it does not require any particularly technical hacking knowledge. Thus the explosion in phishing kits for amateurs, sometimes accompanied by AI tools or live access to a more experienced hacker as part of an ongoing subscription fee.
The FBI’s warning about this increase in activity is timely given the usual holiday spike in hacking attempts, as sectors such as retail and banking are more heavily targeted during the shopping season than at any other time of year. But the spike in account takeovers it has recorded dates back to January 2025, and the warning notes an unusual number of attackers successfully posing as bank staff to move the scam along.
Unsolicited messages from bank staff should always be double-checked
Another point in support of the introduction of many new “small fish” to the phishing pool is the fact that these account takeovers are not focusing on any particular target type or demographic. Sophisticated attackers usually focus on targets known to have deep pockets. These scammers are apparently willing to target anyone who happens to click on one of their search ads.
IC3 says that it has recorded over 5,100 complaints about these account takeover incidents in 2025, with total losses of about $262 million. The criminals may do initial wire transfers once the account is accessed, but the money will almost always make its way to being converted into crypto and sent to mixers that make it nearly impossible to track and claw back. The FBI also notes that attackers are often changing user passwords as a first step and locking the legitimate account owner out.
Any communications purporting to be from bank staff should be independently verified, especially during this highly active scamming season. The FBI also recommends taking this opportunity to bookmark regularly used financial sites instead of relying on search engines to find the URLs, and making sure that a secure MFA method has been engaged where available.



