In recent years, one major theme has emerged: Account holders are giving away their own information and access. Fraud today relies less on technical “hacking” and more on techniques used to confuse and trick genuine users into giving away account access.

Once fraudsters gain access, they are opportunistic. They exploit the very digital banking tools designed to help customers — such as payment features and recovery options — to harvest even more information and funds. In doing so, trusted services are weaponized against both account holders and financial institutions.

Recent data confirms clear patterns in account takeover fraud, revealing where and how fraudsters target account holders. Below, we explore these trends, along with what can be done to protect customers from these growing threats.

 

Card controls become fraudsters’ new playground

 

We have seen an incredible spike in reported account takeover cases linked to digital card features. Fraudsters most often target functions that allow full viewing of card details or enable cards to be added to digital wallets. In 2025, nearly 20% of fraud cases reported to BioCatch involved account takeover through these digital card capabilities.

Once a fraudster gains access to the account holder’s card, they deploy numerous strategies to deplete available funds. In most instances, these funds are not recoverable. While financial institutions continue to battle this exploited channel, there is another difficult, often more complex problem to solve: mules.

 

Mule accounts: The getaway driver of account takeover

 

Member-to-member transfer features are regularly exploited by fraudsters and other complicit actors. We see all varieties of mules: from fraudsters who open accounts solely to move illicit funds, to recruited or complicit account holders who receive a cut of the proceeds. Regardless of their origin, these bad actors are increasingly present in the credit union and mid-market space, where mule-related fraud attempts among BioCatch customers grew by 130% in the last year.

Once a fraudster socially engineers an account holder into giving away credentials and access, the fraudster quickly moves funds via member-to-member transfers into mule accounts and then exits through external transfers, Peer-to-Peer (P2P) payments, or ATM withdrawals.

Stopping mule activity is hard because identifying a mule account beforehand is incredibly difficult. Often, these schemes involve real individuals, stolen identities, or unsuspecting account holders who have been deceived. By the time the account is exposed as a mule, it’s too late.
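The pass-through flow described above (a member-to-member credit followed by a rapid exit through external transfers, P2P payments, or ATM withdrawals) can be written as a detection check over a transaction ledger. This is an added example, not BioCatch code; the field names, channel labels, two-hour window and 80% ratio are assumptions, and the ledger is constructed.

```python
from datetime import datetime, timedelta

# Exit channels named in the article: external transfers, P2P payments, ATM withdrawals.
EXIT_CHANNELS = {"external", "p2p", "atm"}

def find_pass_through(txns, window=timedelta(hours=2), min_ratio=0.8):
    """Flag accounts that receive a member-to-member credit and push most of
    it out through an exit channel within `window`.

    window and min_ratio are illustrative assumptions, not values from the article.
    Returns a list of (account, credit_time, credit_amount, exited_amount).
    """
    txns = sorted(txns, key=lambda t: t["ts"])
    hits = []
    for credit in txns:
        if credit["channel"] != "m2m" or credit["direction"] != "in":
            continue
        deadline = credit["ts"] + window
        # Sum everything that left this account via an exit channel in the window.
        exited = sum(
            t["amount"] for t in txns
            if t["account"] == credit["account"]
            and t["direction"] == "out"
            and t["channel"] in EXIT_CHANNELS
            and credit["ts"] < t["ts"] <= deadline
        )
        if exited >= min_ratio * credit["amount"]:
            hits.append((credit["account"], credit["ts"], credit["amount"], exited))
    return hits

def at(hhmm):
    """Build a timestamp on a constructed sample day."""
    return datetime.strptime("2025-06-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample ledger (not real data). M-777 receives and empties quickly;
# B-200 receives a small transfer and spends it hours later.
SAMPLE = [
    {"ts": at("09:00"), "account": "A-100", "direction": "out", "channel": "m2m", "amount": 4000},
    {"ts": at("09:00"), "account": "M-777", "direction": "in", "channel": "m2m", "amount": 4000},
    {"ts": at("09:12"), "account": "M-777", "direction": "out", "channel": "p2p", "amount": 2500},
    {"ts": at("09:40"), "account": "M-777", "direction": "out", "channel": "atm", "amount": 1000},
    {"ts": at("10:00"), "account": "B-200", "direction": "in", "channel": "m2m", "amount": 300},
    {"ts": at("18:30"), "account": "B-200", "direction": "out", "channel": "p2p", "amount": 300},
]

if __name__ == "__main__":
    for acct, ts, amt, out in find_pass_through(SAMPLE):
        print(f"{acct}: {out} of {amt} exited after credit at {ts:%H:%M}")
```

A rule like this fires only after money has started to leave, so it is best paired with a hold or step-up check on the first outbound transaction rather than run as an end-of-day report.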

 

When remote access tools (RATs) give fraudsters full control

 

In certain cases, fraudsters obtain more than just credentials, one-time passcodes, and access to online banking accounts. With RATs, they may also gain complete control of an account holder’s device. This expands exposure beyond online banking to every application, program, or portal that the individual accesses. And if the threat isn’t properly mitigated and removed, fraudsters may remain linked to both accounts and associated devices.

RAT-related fraud increased 55% in the first half of 2025 compared with 2024, according to BioCatch’s 2025 Digital Banking Fraud Trends in the U.S. report. The report also noted that behavioral indicators detected the presence of a RAT on user devices in 15% of all reported account takeover fraud cases. Once fraudsters gain RAT-level account access, they attempt to exploit online banking features to drain accounts through channels such as Zelle and peer-to-peer payments (P2P), digital card controls, member-to-member transfers, external ACH transfers, cryptocurrency, and gift cards.

In these multi-channel attacks, financial institutions often feel like they’re reacting to the fraudster’s next move. However, with the right tools and strategies, they can shift from defense to offense, protecting both the institution and its account holders.

 

Fraudsters can steal your credentials, but not your behavior

 

As financial institutions grapple with increasingly complex fraud attacks, employing the right tools and strategies is crucial to protecting account holders. Today, it’s possible to develop a tailored, effective approach to fighting current threats – one that is both scalable and accessible for credit unions and banks.

Rather than being overwhelmed by the complexity of fraud prevention, fraud teams can take control with tools designed to disrupt cross-channel attacks. Behavioral intelligence, fraud detection, and AI-powered scoring models provide proven methods to detect threats early, stop fraud in its tracks, and maintain a safe digital banking environment.


 

Key takeaways:

 

  • Digital card controls are a growing fraud target: Nearly 20% of fraud cases reported to BioCatch in 2025 involved account takeover through digital card features.
  • Mule account fraud is surging: Mule-related fraud attempts among BioCatch customers rose 130% year over year.
  • RAT-related fraud is accelerating: Remote access tool fraud increased 55% in the first half of 2025.
  • RATs are fueling account takeover attacks: Behavioral indicators detected RAT activity in 15% of reported account takeover cases.
  • Fraudsters are exploiting trusted payment channels: P2P payments, ACH transfers, and digital wallets are increasingly used to rapidly move stolen funds.
  • Social engineering is replacing traditional hacking: Fraudsters now rely more on manipulating users into giving away access than on technical compromise.

 
