Financial Education

Account Takeover Fraud

Published on
December 1, 2025

The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the goal of stealing money or information for personal gain. Since January 2025, the FBI Internet Crime Complaint Center (IC3) received more than 5,100 complaints reporting ATO fraud, with losses exceeding $262 million.

Genesee Co-op will not text or call you and ask you for your login credentials. Our only legitimate number to reach us is 585-461-2230. If anyone texts or calls and tells you to call back another number or does anything possibly suspicious, hang up and call us at 585-461-2230, as criminals may try to spoof our number. If you think you have given away by accident, please call us immediately!

How It Works

The cyber criminal impersonates the financial institution's staff or website, to obtain access to the account. Cyber criminals usually gain access to accounts through social engineering techniques — including texts, calls, and emails — or through fraudulent websites.

Social Engineering

  • A cyber criminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel. The cyber criminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts.
  • Social engineering methods include contacting account owners via fraudulent text messages, calls, or emails to trick the email recipient into providing their login credentials. In some instances, the cyber criminal states there are fraudulent transactions on the financial account and may provide a link to a phishing website that the account owner believes will report the fraud or prevent additional fraudulent transactions.
  • In some instances, cyber criminals impersonating financial institutions reported to the account owner that their information was used to make fraudulent purchases, including firearms. The cyber criminal convinces the account owner to provide information to a second cyber criminal impersonating law enforcement, who then convinces the account owner to provide account information.

Phishing Domains/Websites

  • The cyber criminal uses a phishing website that looks like the legitimate online financial institution or payroll website to trick the account owner into giving away their login credentials. Believing the phishing website is the legitimate one, users enter their login credentials into the fraudulent site, unknowingly providing them to cyber criminals.
  • Cyber criminals may also use a technique called Search Engine Optimization (SEO) poisoning. SEO poisoning refers to cyber criminals purchasing ads that imitate legitimate business ads to increase the prominence of their phishing websites by making them appear more authentic to customers who use a search engine to locate the business' website. When users click on the fraudulent search engine ad, they are directed to a sophisticated fraudulent phishing site that mimics the real website, tricking users into providing their login information.

Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover. In some cases, including nearly all social engineering cases, the cyber criminals change the online account password, locking the owner out of their own financial account(s).

Stay Protected

Stay vigilant against ATO fraud attempts by following these tips.

Be careful about the information you share online or on social media.

  • By openly sharing information like a pet's name, schools you have attended, your date of birth, or information about your family members, you may give scammers the information they need to guess your password or answer your security questions.
  • Monitor your financial accounts on a regular basis.
  • Watch for irregularities, such as missing deposits or unauthorized withdrawals, wire transfers, or expenditures.
  • Always use unique, complex passwords.
  • Use Bookmarks or Favorites for navigating to login websites.
  • Avoid clicking on Internet search results or advertisements. MFA will not protect you if you land on a fraudulent login page. Carefully examine any email address, URL, or spelling in unsolicited correspondence.
  • Stay vigilant against phishing attempts.
  • Be suspicious of unknown "banking" or "company" employees who call you; don't trust caller ID. Hang up, verify the correct number, and call it yourself. Companies generally do not contact you to ask for your username, password, or OTP

In case of an incident please call us immediately! More information on this alert can be found on the FBI Internet Crime Complaint Center (IC3) and how to file a complaint visit the IC3.

Genesee Co-op
Your Rochester Credit Union

Subscribe to our RSS feed for ongoing updates.

News & Updates

Financial Education

Account Takeover Fraud

Beware Account Takeover Fraud
Read more
Financial Education

Beware Text Scams

How to spot and avoid scams.
Read more
Member Notices

2024 Annual Report

Our report to the members is available now!
Read more
View all