In what some people have called the most dangerous week on the internet, with Black Friday sales due to end on December 2, you may well be fed up with the cybersecurity warnings. But seasonal threats to online shoppers are just one of the dangers facing all internet users, all year round. When the feds, be that in the form of the Cybersecurity and Infrastructure Security Agency warning of smartphone spyware attacks, or the Federal Bureau of Investigation itself issuing a security advisory as hackers impersonate the Internet Crime Complaint Center, you need to be extra alert. As is the case now that the FBI has warned of a relatively rudimentary hacking threat with devastating consequences. Ignore this advice and risk your bank account being drained of all funds.
FBI Issues Critical Bank Account Threat Warning PSA-251125
Cybersecurity threats targeting users of online financial institutions are as old as most of those institutions themselves. Whether it is PayPal in the hacker crosshairs, Bitcoin wallets, or even more traditional banking services, the dangers are plentiful and potentially devastating. No more so than those as outlined in FBI public service advisory number I-112525-PSA.
Since January 2025, the FBI has confirmed that more than $262 million has been lost to attackers participating in the subject of this advisory: financial account takeover fraud. And that’s just from the 5,100 attacks that were reported to the IC3 site. The actual figure is likely to be much, much higher. Of course, whether you have $500 or $5 million in your bank account, if a hacker steals it all, it will be just as impactful on your life. Perspective is everything. Well, not quite, preparation and awareness should be included in that sweeping statement.
At the root of all this cyber-evil is phishing, or social engineering, if you prefer a more formal sobriquet, and it involves manipulating the victim to obtain their online bank account credentials, including their password and two-factor authentication code. This is usually done, the FBI said, simply by “impersonating a financial institution employee, customer support, or technical support personnel.” Once the attacker has that, it’s a relatively rudimentary process, in far too many cases, of initiating a password reset to gain full control and start transferring funds.
“In some instances,” the FBI warned, “the cyber criminal states there are fraudulent transactions on the financial account and may provide a link to a phishing website that the account owner believes will report the fraud or prevent additional fraudulent transactions.” Because the accounts that receive funds are often linked to crypto wallets, it becomes much harder to trace and recover the cash. In “nearly all social engineering cases,” the FBI warning continued, the account owner is locked out by a change of password.
Heed the advice from the FBI: “Be suspicious of unknown banking or company employees who call you; don’t trust caller ID. Hang up, verify the correct number, and call it yourself.”
