Account Takeover Fraud Scheme

The Federal Bureau of Investigation is warning people about a fast-growing scam targeting personal and business financial accounts.

According to the bureau’s Internet Crime Complaint Center, cybercriminals are impersonating financial institutions to try and steal money in what’s known as an Account Takeover Fraud Scheme.

The scheme works by having the cybercriminal impersonate the financial institution’s staff or website to obtain access to the account. The scammers usually reach out through texts, calls or emails, or via fraudulent websites, to try to obtain login credentials, including multi-factor authentication or one-time passcodes. Often, they impersonate an employee of the financial institution, or customer or technical support.

The cybercriminal then uses the credentials to log in to the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts. Before you realize it, your account could be drained.

In some instances, the scammers tell account owners their information was used to make fraudulent purchases. They will convince the target to provide their information to another cybercriminal who impersonates law enforcement and gets the account information. There have also been cases where the cybercriminals use a phishing website – a fake site designed to look like a legitimate business – to obtain financial information.

Once the impersonators have access to and control of the accounts, the cybercriminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets, the FBI said. Those funds are disbursed quickly and are difficult to trace and recover. In some cases, including nearly all social engineering cases, cybercriminals change the online account password, locking the owner out of their own accounts.

To avoid becoming a victim of this type of scam, be leery of calls coming from unknown numbers. If in doubt about the legitimacy of a call purporting to be from your bank, hang up and call the number on the back of your debit card or on your statement. Remember, gift cards are for gifts and are NEVER used to satisfy a legitimate debt. Cryptocurrency is not accepted as a form of payment for government debts.