QNB Trust Blog

FBI Issues PSA on Account Takeover Fraud: Here’s What You Need to Know

Cyber criminals are increasingly impersonating financial institutions to steal money and sensitive information through a tactic known as Account Takeover (ATO) fraud. According to recent FBI data, these schemes are impacting individuals and organizations of all sizes across multiple industries, and the financial impact is significant.

Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received more than 5,100 reports of ATO fraud, with losses exceeding $262 million. Understanding how these attacks work and how to protect yourself is critical to reducing risk.

 

What Is Account Takeover (ATO) Fraud?

Account Takeover fraud occurs when a cyber criminal gains unauthorized access to an online account, such as a bank account, payroll platform, or health savings account. Once inside, the attacker’s goal is to steal funds, harvest personal data, or both, often locking the rightful owner out of their own account in the process.

These attacks typically rely on deception rather than technical hacking, making them especially dangerous and difficult to detect.

 

Common ATO Tactics Cyber Criminals Use

1. Social Engineering Scams
One of the most common entry points for ATO fraud is social engineering — manipulating people into giving up their login credentials.

Attackers often pose as:

  1. Bank employees
  2. Customer support or technical support staff
  3. Fraud investigators or law enforcement officials

Victims may receive texts, emails, or phone calls claiming there is suspicious activity on their account. In some cases, the scam escalates — the victim is told their information was used for serious crimes and is transferred to a second impostor posing as law enforcement. The pressure and fear tactics often result in victims sharing usernames, passwords, or multi-factor authentication (MFA) codes.

Once credentials are obtained, criminals log into legitimate websites, reset passwords, and take full control of the account.

2. Phishing Websites and Fake Domains
Another common tactic involves phishing websites designed to closely resemble real financial institutions or payroll platforms. Victims are tricked into entering their login information, unknowingly handing it over to cyber criminals.

How to Stay Protected Against ATO Fraud

The FBI recommends staying vigilant and following these best practices to reduce your risk of account takeover fraud:

  1. Be careful about the information you share online or on social media.
    Publicly sharing details such as a pet’s name, schools attended, your date of birth, or family information may give criminals the clues they need to guess passwords or answer security questions.
  2. Monitor your financial accounts regularly.
    Watch for irregularities such as missing deposits, unauthorized withdrawals, wire transfers, or unexpected expenditures.
  3. Always use unique, complex passwords.
    Enable two-factor authentication (2FA) or multi-factor authentication (MFA) on every account possible and never disable it.
  4. Use bookmarks or favorites to access login pages.
    Avoid clicking on internet search results or advertisements to log in. MFA will not protect you if you land on a fraudulent login page. Carefully examine email addresses, URLs, and spelling in unsolicited messages.
  5. Stay alert for phishing attempts.
    Be suspicious of unknown “banking” or “company” employees who contact you unexpectedly. Do not trust caller ID. Hang up, locate the official phone number yourself, and call the company directly. Legitimate companies generally will not ask for your username, password, or one-time passcode (OTP).

 

What To Do If You Suspect Account Takeover Fraud

If you believe your account has been compromised:

  1. Contact your local Queensborough branch immediately to report the fraud and request assistance.
  2. Reset all affected passwords and any other accounts using the same credentials.
  3. Report the incident to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov, including as many details as possible.
  4. Notify the impersonated company if a scam involved a fraudulent website or message posing as a legitimate business.

 

Stay Secure with Queensborough Bank & Trust

Staying alert to phishing attempts, unsolicited messages, and urgent requests for personal information can help prevent ATO fraud. Queensborough National Bank & Trust is committed to helping our customers safeguard their accounts and stay informed about emerging cyber threats.

For additional fraud alerts and resources, visit ic3.gov or contact your local Queensborough branch.
