Skip to content
Chimera readability score 0.5894 out of 100, reading level.

U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says.
The figure continues the year-over-year record trend as it is up 26% compared to 2024, when Americans lost $16.6 billion to cybercrime.
A similar uptick was recorded in the number of complaints the Internet Crime Complaint Center (IC3) received, which surpassed 1 million last year, up from 859,000 the year before.
The most frequent complaints received last year referred to phishing attacks (191,000), extortion (89,000), and investment scams (72,000), which continued to drive massive losses.
Although smaller in absolute numbers, there were still a significant number of reports for serious attack types such as business email compromise (24,700 cases), data breaches (3,900), ransomware attacks (3,600), and SIM swapping (971).
Investment fraud accounted for 49% of all scam-related incidents recorded last year and resulted in losses of $8.6 billion. However, cybercrime targeting cryptocurrency caused the largest loss, exceeding $11 billion across 181,565 cases.
Cyber-enabled fraud was present in 453,000 complaints and accounted for $17.7 billion of the total losses submitted to the IC3 in 2025.
According to the IC3, Americans over the age of 60 were hit the hardest, with reported losses of $7.7 billion, a 37% increase compared to the previous year.
For the first time, the FBI’s report includes AI-related scams, which accounted for 22,300 complaints and $893 million in losses. These schemes involved voice cloning, fake profiles, forged documents, and deepfake videos.
In two cases, attacks targeting critical infrastructure (dams and nuclear facilities), the FBI labeled the incidents as data breaches.
The most targeted critical infrastructure sectors in 2025 were healthcare, manufacturing, financial services, information technology, and government facilities.
FBI fighting back
The FBI says that it has upgraded its efforts to block attacks, notify victims, and freeze stolen funds, in some cases even being able to retrieve them.
The agency initiated 3,900 Financial Fraud Kill Chain (FFKC) interventions in 2025, successfully blocking a portion of fraudulent transactions. Of the $1.16 billion targeted by attackers, the FBI froze $679 million.
Additional efforts from the agency to prevent cyber-enabled crimes included ‘Operation Level Up’ at the start of the year, a proactive approach to prevent financial losses by identifying and alerting victims of cryptocurrency investment fraud.
Of the 3,780 victims notified last year, 78% were unaware that they were being scammed.
The FBI recommends people not to rush when they receive urgent requests and face pressure tactics, and to use all available means to verify the authenticity of the communication before sending money or data.
Those who suspect compromise by hackers or scammers are urged to report the incidents with full details to ic3.gov.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now

Facts Only

U.S. victims lost nearly $21 billion to cyber-enabled crimes in 2025.
The loss represents a 26% increase from 2024, when losses totaled $16.6 billion.
The Internet Crime Complaint Center (IC3) received over 1 million complaints in 2025, up from 859,000 in 2024.
Phishing attacks were the most frequent complaint (191,000 cases), followed by extortion (89,000) and investment scams (72,000).
Business email compromise accounted for 24,700 cases, data breaches for 3,900, ransomware for 3,600, and SIM swapping for 971.
Investment fraud caused $8.6 billion in losses, representing 49% of scam-related incidents.
Cryptocurrency-related crimes resulted in over $11 billion in losses across 181,565 cases.
Cyber-enabled fraud was involved in 453,000 complaints, totaling $17.7 billion in losses.
Americans over 60 reported $7.7 billion in losses, a 37% increase from the previous year.
AI-related scams accounted for 22,300 complaints and $893 million in losses, involving voice cloning, deepfakes, and forged documents.
Two data breaches targeted critical infrastructure, including dams and nuclear facilities.
The most targeted critical infrastructure sectors were healthcare, manufacturing, financial services, information technology, and government facilities.
The FBI initiated 3,900 Financial Fraud Kill Chain interventions in 2025, freezing $679 million of $1.16 billion in targeted fraudulent transactions.
Operation Level Up notified 3,780 cryptocurrency fraud victims, with 78% unaware they were being scammed.
The FBI recommends verifying urgent requests before sending money or data and reporting incidents to IC3.

Executive Summary

Cyber-enabled crimes cost U.S. victims nearly $21 billion in 2025, marking a 26% increase from the previous year’s $16.6 billion in losses. The FBI’s Internet Crime Complaint Center (IC3) received over 1 million complaints, with phishing, extortion, and investment scams being the most frequent. Investment fraud alone accounted for 49% of scam-related incidents, resulting in $8.6 billion in losses, while cryptocurrency-related crimes exceeded $11 billion across 181,565 cases. Americans over 60 were disproportionately affected, reporting $7.7 billion in losses—a 37% year-over-year increase. The FBI also highlighted emerging threats like AI-driven scams, which involved voice cloning, deepfakes, and forged documents, totaling $893 million in losses. Critical infrastructure sectors, including healthcare, manufacturing, and government facilities, faced targeted attacks, with two incidents involving dams and nuclear facilities labeled as data breaches.
The FBI has intensified efforts to combat cybercrime, including 3,900 Financial Fraud Kill Chain interventions that froze $679 million of $1.16 billion in targeted fraudulent transactions. Operation Level Up, launched early in the year, notified 3,780 cryptocurrency fraud victims, 78% of whom were unaware they were being scammed. The agency advises vigilance against urgent pressure tactics and encourages reporting incidents to IC3. Despite these measures, automated pentesting and breach-and-attack simulations reveal gaps in cybersecurity coverage, with most teams addressing only one of six validation surfaces.

Full Take

The strongest version of this narrative underscores the escalating scale and sophistication of cybercrime, with losses surging by 26% in a single year. The FBI’s data paints a clear picture of systemic vulnerabilities, from the disproportionate targeting of older Americans to the rise of AI-driven scams. The inclusion of critical infrastructure breaches—including dams and nuclear facilities—highlights the potential for cyber threats to transcend financial harm and pose national security risks. The FBI’s proactive measures, such as freezing $679 million in fraudulent transactions and Operation Level Up’s victim notifications, demonstrate a committed response. However, the persistence of gaps in cybersecurity coverage, as noted in the discussion of automated pentesting, suggests that defensive strategies remain reactive rather than holistic.
Patterns detected: ARC-0024 Ambiguity (the framing of "cyber-enabled crimes" as a monolithic threat without distinguishing between opportunistic fraud and state-sponsored attacks), ARC-0043 Motte-and-Bailey (the conflation of financial scams with critical infrastructure risks to amplify urgency).
The root cause of this narrative is the tension between technological advancement and institutional adaptation. Cybercrime thrives in the lag between innovation and regulation, with AI tools lowering the barrier to entry for fraudsters while defensive measures struggle to keep pace. The focus on financial losses obscures deeper questions about digital literacy, systemic inequality (e.g., elderly victims), and the privatization of cybersecurity responsibilities. Who benefits? Cybersecurity firms and regulatory agencies gain legitimacy, while victims bear the costs—both financial and psychological. Second-order consequences include eroded trust in digital systems and the normalization of surveillance as a protective measure.
Bridge questions: How might the FBI’s emphasis on financial interventions (e.g., freezing transactions) address—or overlook—the root causes of vulnerability, such as digital literacy gaps? What role do platforms enabling cryptocurrency transactions play in facilitating or mitigating these scams? Would a shift from reactive interventions to preemptive education change the trajectory of these trends?
Counterstrike scan: A coordinated influence campaign would amplify fear of AI-driven scams to justify expanded surveillance or preemptive censorship of digital tools. The actual content aligns with this pattern by framing AI as an existential threat without critiquing the structural conditions enabling fraud. However, the FBI’s focus on victim notification and financial recovery suggests a public-safety orientation rather than a manipulative agenda. The narrative remains within the bounds of institutional accountability, though it risks reinforcing a techno-pessimist paradigm.

Sentinel — Human

Confidence

The analyzed article appears to be written by a human, given the varied sentence length, use of hedging language, balanced presentation of data with no overt bias, unique structure and organization within the article, and lack of historical or attribution inconsistencies.

Signals Detected
low severity: Variable sentence length and usage of hedging language
low severity: Balanced presentation of data with no overt bias
medium severity: Unique structure and organization within the article
low severity: No indications of historical or attribution inconsistencies
Human Indicators
Varied sentence length and use of hedging language are characteristics of human writing.