TZUTC: -0500   
   MSGID: 1756.consprcy@1:2320/105 2d91a1f7   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   FBI says hackers have stolen $262 million in account takeover scams in 2025    
   so far - here's how you can stay safe   
      
   Date:   
   Sat, 29 Nov 2025 22:33:00 +0000   
      
   Description:   
   Cybercriminals have stolen hundreds of millions through AI-driven phishing,   
   fake stores, and account takeover scams targeting users across financial   
   platforms.   
      
   FULL STORY   
      
   The FBI has reported cybercriminals have stolen more than $262 million from    
   US targets through account takeover schemes in 2025 so far, with individuals,   
   businesses, and organizations across multiple sectors all targeted.    
      
   Over 5,100 complaints related to these incidents have been received by the   
   FBI, typically involving criminals gaining unauthorized access to financial   
   accounts, payroll systems, or health savings accounts.    
      
   Social engineering techniques such as phishing emails, fraudulent calls, and   
   texts are commonly used to manipulate victims into revealing login details,   
   and once access is obtained, attackers can reset passwords, take control of   
   accounts, and wire funds to accounts they control, often converting the money   
   into cryptocurrency to obscure the trail.   
      
   AI-enhanced phishing and holiday scams   
      
   "A cybercriminal manipulates the account owner into giving away their login   
   credentials, including multi-factor authentication (MFA) code or One-Time   
   Passcode (OTP), by impersonating a financial institution employee, customer   
   support, or technical support personnel," the FBI said.    
      
   "The cybercriminal then uses login credentials to log into the legitimate   
   financial institution website and initiate a password reset, ultimately   
   gaining full control of the accounts."    
      
   Cybersecurity companies have reported the rising use of AI to create   
   convincing phishing campaigns, fake websites, and social media ads, with   
   Fortinet FortiGuard Labs reporting detecting over 750 malicious,   
   holiday-themed domains in recent months, with campaigns often targeting users   
   with urgency-driven messages tied to events like Black Friday or Christmas,   
   increasing the likelihood of credential theft.    
      
   Low-skill attackers can now deploy highly persuasive scams that mimic popular   
   brands such as Amazon and Temu.    
      
   "By openly sharing information like a pet's name, schools you have attended,   
   your date of birth, or information about your family members, you may give   
   scammers the information they need to guess your password or answer your   
   security questions," the FBI said.    
      
   Mobile phishing has also increased, with attackers exploiting trusted brand   
   names to trick users into clicking links or downloading malicious updates.    
      
   Purchase scams are emerging as a significant threat, with fake e-commerce   
   stores capturing victim payment data and authorising fraudulent transactions   
   for goods that do not exist.    
      
   Threat actors continue to exploit vulnerabilities in common platforms,   
   including Adobe, Oracle E-Business Suite, WooCommerce, and Magento.    
      
   Some attacks involve multi-stage funnels that use traffic distribution    
   systems to determine the most vulnerable targets before redirecting them to   
   final scam sites.    
      
   These operations allow immediate financial gain because victims themselves   
   authorize the payments, with certain campaigns even attempt sequential   
   fraudulent transactions to maximize stolen card value.    
      
   Cybercriminals often advertise stolen payment cards on dark web marketplaces,   
   funding further campaigns that compromise additional accounts.    
      
   The FBI has issued some recommendations for the public to stay safe from    
   these attacks: How to stay safe Limit personal information shared online   
   Monitor financial accounts for unusual activity Use unique, complex passwords   
   for all accounts Verify URLs before logging into websites Be cautious of   
   unsolicited messages or calls claiming to be from financial institutions   
   Deploy antivirus software to protect devices from malware Enable firewalls to   
   block unauthorized access Use identity theft protection to monitor personal   
   information Recognize that sophisticated phishing campaigns and AI-driven   
   attacks still pose risks Effectiveness depends on consistent implementation   
   across devices and networks    
      
   Via The Hacker News    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/fbi-says-hackers-have-stolen-usd262-million-in-a   
   ccount-takeover-scams-in-2025-so-far-heres-how-you-can-stay-safe   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426