The FBI, via IC3 reporting summarized by outlets, said account-takeover scams have caused roughly $262 million in losses so far in 2025, with attackers using phishing, smishing and social engineering. Authorities and consumer-protection experts urged strong, unique passphrases, multi-factor authentication, and immediate reporting to banks and IC3 when suspicious activity appears, especially during holiday shopping.

FBI data compiled into IC3 reports and summarized in late November 2025 indicate that account-takeover fraud remains a major source of consumer losses, with reported losses in the hundreds of millions of dollars this year and specific summaries pointing to about $262 million to date. The agency described common vectors including phishing emails, SMS-based smishing, and targeted social engineering that enable criminals to gain access to retail and financial accounts. Once access is obtained, fraudsters perform unauthorized purchases, change account recovery options, or launder value through payments and cashouts. The FBI and consumer-protection organizations emphasized prevention measures such as unique, strong passphrases, mandatory multi-factor authentication where available, and prompt reporting of suspicious transactions to banks and to IC3. They also recommended proactive monitoring of account recovery settings and reducing stored payment data on retail profiles. With holiday transaction volumes rising, authorities stressed that rapid reporting can limit losses and improve law enforcement’s ability to trace and recover funds.