How social engineering drives account takeover and what digital banking solutions can do to stop it

This week, we’re spotlighting BioCatch, a leader in behavioral biometrics that helps financial institutions detect and prevent fraud by analyzing how users interact with online banking, such as typing patterns and mouse movements. With relationships across more than 150 Alkami financial institutions and access to thousands of confirmed account takeover sessions, BioCatch offers unique insight into how fraudsters operate. In 2024, Alkami clients leveraging BioCatch’s fraud prevention solutions through the Alkami Digital Banking Platform stopped more than $54 million in fraudulent transactions. Through close collaboration with these institutions, BioCatch helps build a deeper understanding of evolving threats and delivers proactive, frictionless fraud prevention that keeps digital banking solutions both secure and user-friendly.

In nearly every fraudulent interaction, there is a recurring theme: the account holders are often giving away their own information and access. The complexity in these attacks is not so much in technical “hacking” as in the techniques used to confuse and trick the genuine user into giving away access to their account. When the fraudsters gain access, they are opportunistic—they can take advantage of the very tools that you provide in your digital banking solutions, using them to extract even more information and funds from your account holder. These tools are weaponized against both your account holders—and your institution.

Based on the stories the data tells us, we want to highlight some of the leading trends in the account takeover space and where (and how) fraudsters are targeting your account holders. We will wrap up with what you can do to protect your customers and members from these growing threats.

Card Controls Become The Fraudsters’ New Playground

We have seen an incredible spike in reported account takeover involving digital card capabilities. Most commonly, fraudsters are targeting features that allow full viewing of card information and those that let them add the card to a digital wallet. In 2025, almost 20% of fraud cases reported to BioCatch involved account takeover through digital card capabilities (BioCatch analysis of anonymized behavioral data across Alkami digital banking clients, 2024–2025).

Once the fraudster has access to the account holder’s card, they deploy numerous strategies to deplete available funds. In most instances, these funds are not recoverable.

While financial institutions continue to battle this exploited channel, there is another difficult, often more complex problem to solve for—mules.

The Getaway Driver Of Account Takeover—Mule Accounts

The member-to-member transfer capabilities are regularly being abused by fraudsters and by other complicit actors. We see all varieties of mules: from the fraudster who opens the account for the sole purpose of moving illicit funds, to the recruited and/or complicit bad actor/account holder who receives a “cut” of the plunder. Regardless of the origination, there has been an increase of these bad actors in the credit union and mid-market space. We have seen a 130% increase in mule-related fraud, and once the account holder is socially engineered to give away credentials and access, the fraudster utilizes cross member-to-member transfers to the lurking mule account and then makes their exit via external transfer, Peer-to-Peer (P2P) payment, or ATM withdrawal.

What makes this incredibly difficult to stop is the identification of the mule account prior to the attempt. Often, these schemes involve real individuals, stolen identities, or unsuspecting account holders who are deceived into participating. When you find out it is a mule account—it is too late.

When Account Holders Give The Wheel To The Fraudster—Remote Access Tool (RAT)

In certain cases, fraudsters obtain more than just credentials, one-time passcodes, and access to online banking accounts; they may also gain complete control of an account holder’s device. This increases exposure not only within online banking, but across every application (app), program, or portal that the individual accesses. Additionally, if not properly mitigated and cleaned, the fraudster may remain connected to the account and their device.

In the first half of 2025, there has been a 55% increase in RAT-related fraud when compared with 2024. In 15% of all account takeover fraud cases reported, behavioral indicators detected the presence of a RAT on the user’s device. Once fraudsters gain this level of access, they attempt to exploit the available online banking features to extract every dollar in the account through channels such as Zelle/P2P, digital card controls, member-to-member transfers, external/ACH transfers, cryptocurrency, and gift cards.

Financial institutions feel like they are on the defensive in these multi-channel attacks, but there are tools and strategies that you can employ to help protect you and your account holders from these diverse attack vectors.

Fraudsters Can Steal Your Credentials—Not Your Behavior

As financial institutions grapple with increasingly complex fraud attacks, employing the right tools and strategies to stay ahead of the bad actors is crucial to protecting account holders. Today, it’s possible to develop a right-sized, effective approach to fighting current threats – one that is scalable and accessible for credit unions and banks. Rather than being overwhelmed by the perceived complexity of fraud prevention, fraud teams can take control by leveraging tools designed to disrupt cross-channel attacks. Behavioral intelligence, fraud detection, and AI-powered scoring models offer proven methods for detecting threats early, stopping fraud in its tracks, and maintaining a safe digital banking environment.

Want to learn more?