OPINION: Account takeover scammers cause $262M in losses

In a growing scam that prompted a recent FBI alert, victims had given away not only their banking log-in information, but also their subsequent one-time verification code meant to provide extra security.

People’s willingness to do all that shows how good the offenders are at manipulating their victims and obliterating their financial accounts.

In fact, the FBI reported that during the past year, it received more than 5,100 complaints about such “account takeover” schemes, resulting in losses exceeding $262 million.

This happens primarily when scammers pretend to be with a financial institution rep or when they set up a scam-produced fake of the institution’s website. Through texts, calls or emails, the cyber criminal tells victims there have been fraudulent transactions on their account. They might say that the victim’s personal information has been used to make questionable purchases, including firearms, the FBI says.

The scammers then convince victims to deal with the supposed problem by turning over login credentials and their multi-factor authentication code that allows entry to the account. The thieves change the password, thereby gaining access and preventing the victim from getting back in.

In the case of the gun ruse, people are directed to a second scammer who is pretending to be a law enforcement officer requesting login information to help solve the case. Sometimes, people will be directed to a fake website.

Once the impersonators have taken over, they “quickly wire funds to other criminal-controlled accounts, many of which are linked to crypto-currency wallets,” the FBI says. The stolen money is disbursed quickly and is difficult to trace and recover.

Here’s what to do, according to the agency:

— Contact the relevant bank or financial institution to check on your account if you have any questions.

— Monitor financial accounts regularly.

— Use unique passwords and enable two-factor authentication on every account possible. Guard this information and know that companies generally don’t call you asking for usernames or passwords.

— Be careful about information you share online. Details like a pet’s name, schools you have attended, your birth date and so on can give criminals enough information to guess your password or answers to your security questions.

Social media takeovers increase

Social media takeover is now the top threat for the general public, becoming the most commonly reported form of identity misuse, according to the Identity Theft Resource Center. Its recently released Consumer Impact Report said takeover of a social media account was reported by about 35% of victims this year, up from 29% in 2024. When someone hijacks a social media account, they can steal personal information from you and assume your identity.

While some may view these incidents as “low-level identity crimes, … we are seeing victims denied loans, housing and other basic necessities, all stemming from an initial compromise that many would dismiss as minor,” the report says. “This is a critical signal that the systems we rely on for our economic lives are far more fragile than we believed, creating a complex web that is nearly impossible for a victim to navigate alone.”

Contact Ellen Marks at emarks@abqjournal.com if you are aware of what sounds like a scam. To report a scam to law enforcement, contact the New Mexico Consumer Protection Division at 505-490-4060. Complaints can be filed electronically at nmag.gov/contact-us/file-a-complaint/.