The Federal Bureau of Investigation (FBI) has issued an alert about a growing trend of cyber criminals impersonating financial institutions to carry out ATO fraud schemes, aiming to steal funds or personal information.

Increase in ATO Schemes Across the US

Bad actors are increasingly gaining unauthorized access to online financial institutions, payrolls, and health savings accounts through sophisticated methods. The FBI has reported a significant rise in such incidents since January 2025, with over 5,100 complaints received by the FBI Internet Crime Complaint Center (IC3) and total losses exceeding USD 262 million.

ATO Fraud as a Growing Threat

In 2024, ATO fraud surpassed ransomware as the top enterprise security concern for digital businesses. Sift’s data indicates that this type of fraud is among the fastest-growing threats, with 83% of organizations experiencing at least one incident in 2024 alone.

Estimates predict that losses from ATO will rise to USD 17 billion in 2025, up from USD 13 billion in the previous year. The rapid increase is attributed to malicious bot activities, infostealer malware, and more advanced AI technologies like deepfakes, large-scale credential stuffing, and fraud-as-a-service kits.

Method of Operation

Cyber criminals often pose as legitimate financial institution employees or websites using social engineering techniques. They may use text messages, phone calls, emails, or fraudulent websites to gain access to accounts. Once control is obtained, criminals will often initiate wire transfers to criminal-controlled accounts linked to cryptocurrency wallets, complicating the recovery process. In some cases, they might also change account passwords, locking out the legitimate owner.

FBI’s Tips for Safety

To protect against ATO fraud attempts, the FBI recommends:

• Regularly monitoring financial accounts to identify any irregularities such as missing deposits or unauthorized withdrawals, wire transfers, or expenditures;
• Using unique, complex factors and two-factor authentication or multi-factor security on all accounts;
• Vigilance against phishing attempts;
• Carefulness regarding the information shared online or on social media.

In case of an ATO incident, it is crucial to contact the financial institution, reset or revoke compromised credentials, file a complaint, and inform the impersonated company.