Fresh from The FBI’s account takeover warning last week, with more than $260 million already stolen in 2025, the bureau has issued a new warning for smartphone users. “Criminals are pretending to be your bank to drain your accounts,” it says. But calling certain phone numbers also risks you losing all your life savings.
In these attacks, “cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the goal of stealing money or information for personal gain.” Accounts are hacked “through social engineering techniques — including texts, calls, and emails — or through fraudulent websites.”
The bureau says you should monitor your accounts, checking for anything unusual. But critically, if you see do anything unexpected, the bureau say “don’t do an internet search” for the bank’s phone number. You must stop using search engines for numbers. “Contact the phone number/website on the back of your card.”
Just as critically, “take a beat” the FBI says. That’s the theme of its latest campaign for the holiday season. Attackers create a false sense of urgency to trick you into acting before you have time to think. There’s a hacker accessing your account, they’ll say, or a fraudulent transaction about to close. An urgent message or call is a red flag. Period.
Google has just issued the same warning. “Criminals impersonate banks or other trusted institutions on the phone,” it says, “to try to manipulate victims into sharing their screen in order to reveal banking information or make a financial transfer.”
An Android pilot now shows a warning if you share your screen with an unknown number while opening a banking app. “The warning includes a 30-second pause period before you’re able to continue, which helps break the ‘spell’ of the scammer’s social engineering, disrupting the false sense of urgency and panic commonly used.”
It’s not only search engines. The same now applies to AI assistants as well. “You trust your search results. And you probably trust your AI assistant, too.” ZeroFox says. “But what happens when both are being manipulated?”
This is “a growing threat to organizations and brands,” ZeroFox warns. “Especially as people increasingly turn to LLMs for fast answers to high-stakes questions like “How do I contact customer support for [Your Brand]?”
And this can fake any brand — however big it may be. MalwareBytes says it found “tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal.”
An attacker can message and trick victims into placing calls to banks, having poisoned SEO results for the numbers they’ll likely call. It’s the same for all unsolicited support or security calls. You must stop making any calls to numbers searched online — or now via an AI assistant. Find verifiable contact details. Every time.
