The FBI is warning the public about a sharp rise in bank impersonation activity that has resulted in more than 262 million dollars in confirmed losses this year. According to the FBI’s Internet Crime Complaint Center (IC3), criminals running coordinated fake support operations are targeting victims across the United States and using account takeover techniques to drain online banking, payroll, and health savings accounts.
IC3 says it has received more than 5,100 complaints involving bank impersonation since January. These incidents affect individuals, small businesses, hospitals, service providers, and larger organizations that rely on online financial portals. Criminals contact victims through phone calls, text messages, and emails while pretending to be fraud departments or customer service staff from well known financial institutions. The FBI warns that these operations are becoming more polished, making them difficult for victims to identify in the moment.
Attackers often begin by claiming that suspicious transactions or unauthorized access attempts have been detected on the victim’s account. Once the victim is convinced they are speaking with a legitimate bank representative, criminals request login credentials, one time passcodes, or multi factor authentication codes. With this information, attackers immediately sign in to the victim’s real account and initiate transfers to criminal controlled destinations. Many of these transfers are quickly converted to cryptocurrency, which makes recovery extremely difficult.
The FBI says criminals frequently reset the victim’s password as soon as they gain access. This locks the legitimate account owner out and prevents them from intervening before the funds are moved. Victims often discover the fraud only after noticing missing balances, rejected login attempts, or email notifications showing password changes they did not authorize.
A growing number of these incidents involve phishing websites designed to look identical to real banking portals. Victims are directed to these sites through links sent in text messages or emails. In many cases, criminals rely on search engine manipulation by purchasing ads that appear above the legitimate bank’s website. When victims search for a support number online, they may unknowingly click a fraudulent link that routes them straight into the fake support operation.
Some victims report being contacted by multiple criminals pretending to be different authorities. After the first attacker impersonates a bank representative, a second caller may pose as a law enforcement officer. The goal is to increase the pressure and convince the victim that urgent action is needed to secure their account. This layered impersonation tactic has been especially effective at convincing victims to reveal sensitive financial information.
The FBI advises anyone who receives unsolicited communication about bank activity to verify the call independently. Individuals should avoid using links provided through messages or numbers found in search engine results. Instead, the FBI recommends contacting the financial institution directly using the support number printed on official statements or listed on the bank’s verified website.
Victims who believe their account was compromised should alert their financial institution immediately to request a recall or reversal of the unauthorized transfer. The FBI also urges victims to file a complaint with the Internet Crime Complaint Center and provide as much information as possible, including fraudulent phone numbers, phishing URLs, and cryptocurrency addresses used by attackers.
The FBI expects bank impersonation attacks to continue increasing throughout the year as criminals refine their social engineering techniques and expand their fake support operations. IC3 recommends regular account monitoring, stronger password practices, and careful verification of any unexpected communication related to financial security.
