- The FBI warns that attackers can steal credentials through phishing tricks and quickly take over financial accounts.
- Holiday-themed domains lure users into scams designed to capture sensitive information
- Mobile phishing campaigns use trusted names to trigger clicks and downloads
The FBI reported that cybercriminals stole more than $262 million from U.S. targets through account takeover schemes in 2025, targeting individuals, businesses, and organizations across multiple industries.
More than 5,100 complaints related to these incidents have been received by the FBI, typically involving criminals gaining unauthorized access to financial accounts, payroll systems or health savings accounts.
Social engineering techniques such as phishing emails, scam calls, and text messages are commonly used to manipulate victims into revealing their login information. Once access is gained, attackers can reset passwords, take control of accounts, and transfer funds to accounts they control, often converting the money into cryptocurrency to obscure their trail.
Phishing and Holiday Scams Using AI
“A cybercriminal manipulates the account owner into disclosing their login credentials, including multi-factor authentication (MFA) or one-time passcode (OTP), by impersonating a financial institution employee, customer service, or technical support personnel,” the FBI said.
“The cybercriminal then uses their login credentials to log in to the financial institution’s legitimate website and initiate a password reset, gaining full control of the accounts.”
Cybersecurity companies have reported the growing use of AI to create convincing phishing campaigns, fake websites and social media ads. Fortinet FortiGuard Labs reported detecting more than 750 holiday-themed malicious domains in recent months, with campaigns often targeting users with emergency messages related to events like Black Friday or Christmas, increasing the risk of credential theft.
Low-skill attackers can now deploy very convincing scams that imitate popular brands such as Amazon and Temu.
“By openly sharing information such as the name of a pet, the schools you attended, your date of birth, or information about your family members, you can give scammers the information they need to guess your password or answer your security questions,” the FBI said.
Mobile phishing has also increased, with attackers leveraging trusted brand names to trick users into clicking links or downloading malicious updates.
Shopping scams are emerging as a significant threat, with fake e-commerce stores capturing victims’ payment data and authorizing fraudulent transactions for goods that don’t exist.
Malicious actors continue to exploit vulnerabilities in popular platforms, including Adobe, Oracle E-Business Suite, WooCommerce, and Magento.
Some attacks involve multi-stage funnels that use traffic distribution systems to determine the most vulnerable targets before redirecting them to the final fraudulent sites.
These operations provide immediate financial gain as the victims themselves authorize the payments, with some campaigns even attempting sequential fraudulent transactions to maximize the value of the stolen card.
Cybercriminals often advertise stolen payment cards on dark web marketplaces, funding other campaigns that compromise additional accounts.
The FBI has issued some recommendations for the public to protect themselves from these attacks:
How to stay safe
- Limit personal information shared online
- Monitor financial accounts for unusual activity
- Use unique, complex passwords for all accounts
- Check URLs before connecting to websites
- Be wary of unsolicited messages or calls claiming to come from financial institutions.
- Deploy antivirus software to protect devices from malware
- Enable firewalls to block unauthorized access
- Use Identity Theft Protection to Monitor Personal Information
- Recognize that sophisticated phishing campaigns and AI-based attacks still pose risks
- Effectiveness depends on consistent implementation across devices and networks
Via Hacker news
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
