FBI Warns of Surge in AI-Driven Account Takeover Fraud Ahead of Holidays
The FBI has reported a surge in fraudulent schemes involving the takeover of financial accounts and warned that such attacks may intensify as the holiday shopping season approaches. According to the agency, more than 5,100 complaints related to account-takeover fraud have been filed since January, with total losses exceeding $262 million. Experts note that criminals are actively exploiting social engineering through text messages, phone calls, and email to gain access to bank accounts, payment services, and medical savings programs, which they then drain completely.
There have been cases in which attackers impersonated representatives of financial institutions, extracted logins and passwords, and then altered the account credentials, effectively depriving victims of control over their own profiles. Other schemes relied on sending alerts about fictitious suspicious transactions: victims received links to fraudulent pages inviting them to “verify” their activity, enabling attackers to collect data for subsequent breaches.
Recent years have also seen the rise of SEO poisoning, in which scammers place advertisements that closely mimic the appearance of well-known online platforms. Clicking these links leads victims to spoofed sites, where their credentials are harvested and funds are transferred to accounts linked to cryptocurrency wallets, complicating both tracing and recovery of the stolen assets.
The FBI emphasizes that in most social-engineering cases, criminals immediately change account passwords, locking victims out of their own profiles. The risk grows during periods of heightened online shopping, when internet traffic and transaction volumes increase dramatically.
Several cybersecurity firms also published analyses in November describing how generative technologies are making it easier to scale fraudulent campaigns. According to their assessments, criminals are using artificial intelligence to quickly build convincing counterfeit websites that are visually indistinguishable from those of major brands.
FortiGuard analysts reported the registration of at least 750 malicious holiday-themed domains in the past three months. These frequently incorporated terms such as “Christmas,” “Black Friday,” and “Flash Sale.” Additionally, more than 2,900 domains mimicked popular products, further complicating detection. Red Canary notes that AI enables these lures to be personalized and dynamic, turning phishing into a continuous, adaptive assault on a mass audience.
FortiGuard also highlights the large datasets being sold on the dark web, including more than 1.57 million compromised accounts tied to major e-commerce platforms and stolen via credential-stealing malware.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
