Cybercrime Losses Surge

# Cybercrime Losses Surge Americans reported losing nearly $20.9 billion to cybercrime in 2025, according to the Federal Bureau of Investigation’s Internet Crime Complaint Center, the bureau’s public clearinghouse for online crime reports. That was a 26% increase from the roughly $16.6 billion reported in 2024, and it pushed annual reported losses to the highest level the center has recorded. (cyberscoop.com) The jump was not driven by a single spectacular hack. It came from a broad mix of frauds and intrusions that now sit inside ordinary business and consumer activity: fake investment pitches, manipulated invoice payments, tech-support scams, account takeovers, phishing, extortion, and data breaches. More than 1 million complaints were filed in 2025, up from roughly 859,000 a year earlier, showing that the volume of incidents kept rising along with the money lost. (cyberscoop.com) The biggest source of damage was investment fraud, which produced more than $8.6 billion in reported losses. These schemes often start with what looks like a normal financial opportunity, then move victims into fake trading platforms, sham crypto products, or confidence scams designed to keep money flowing long after the first transfer. (cyberscoop.com) The second-largest category was business email compromise, with about $3 billion in losses. In those attacks, criminals impersonate executives, suppliers, or partners and trick employees into sending wire transfers or changing payment details, turning a routine invoice or approval email into a theft mechanism. (cyberscoop.com) Tech-support fraud came next at more than $2.1 billion, followed by personal data breaches at about $1.3 billion. The pattern says something important about the shape of cybercrime in 2025: attackers did not need to break into advanced systems every time if they could instead persuade people to trust the wrong screen, the wrong voice, or the wrong message. (cyberscoop.com) Money movement channels also mattered. The Federal Bureau of Investigation said cryptocurrency was the primary conduit for fraud tied to investment and tech-support scams, while wire transfers carried much of the damage in business email compromise. That helps explain why fraud losses can scale so quickly once a victim is convinced to act: both payment rails can move large sums fast, and recovery is often difficult after the transfer clears. (cyberscoop.com) Age data in the report show who paid the heaviest price. Victims aged 60 and older filed about 201,000 complaints and reported nearly $7.75 billion in losses, the largest total of any age group. The next bracket, ages 50 to 59, reported more than $3.6 billion in losses. (cyberscoop.com) The averages are striking. Across all victims, the average reported loss was about $20,699. When cryptocurrency was involved, that figure rose to roughly $62,604, and complaints involving cryptocurrency accounted for more than $11 billion in total losses, up 22% from 2024. (bankingjournal.aba.com) The report also shows how the most common problems are not always the most expensive. Phishing was the most frequently reported cybercrime in 2025, followed by extortion, investment scams, and personal data breaches. But extortion produced about $122.5 million in losses, and ransomware accounted for about $32.3 million, far below the totals generated by fraud categories built around deception and payment manipulation. (cyberscoop.com) Another new wrinkle is the bureau’s decision to add a section on artificial-intelligence-facilitated fraud. The 2025 report logged more than 22,000 complaints in that category and nearly $893 million in associated losses. The bureau said scammers are using fake social profiles, cloned voices, forged identity documents, and convincing video to make old fraud scripts feel more believable and harder to dismiss. (bankingjournal.aba.com) That detail matters because it changes the economics of fraud. Generative tools can help criminals personalize lures, imitate trusted people, and produce more convincing messages at low cost. A scam that once required a practiced caller or a carefully written email can now be supported by synthetic audio, fabricated credentials, or realistic-looking media that reduce hesitation at the exact moment a victim is asked to pay. This is an inference drawn from the Federal Bureau of Investigation’s description of how scammers are using cloned voices, fake profiles, and believable videos. (bankingjournal.aba.com) The longer trend is even more alarming than the one-year jump. CyberScoop, citing the new Federal Bureau of Investigation data, reported that annual losses have risen almost 400% from $4.2 billion in 2020 and that cumulative losses over the last five years have exceeded $71.3 billion. The bureau also said it now averages nearly 3,000 complaints per day, a sign that internet-enabled crime has become a constant background condition rather than a series of isolated spikes. (cyberscoop.com) There is also a basic limitation in the numbers: they capture only what gets reported. The Internet Crime Complaint Center’s figures rely on submissions from victims, and both the Federal Bureau of Investigation and outside coverage note that many incidents never reach the system at all. That means the $20.9 billion total is best read as a floor, not a ceiling. (cyberscoop.com) For companies, the report helps explain why cyber spending has not disappeared even as budgets have tightened. Organizations are becoming more selective, but they are still funding email security, identity controls, payment verification, employee training, fraud monitoring, backup and recovery, and incident-response capacity because the losses are increasingly concentrated in failures of trust, process, and speed. The report’s category breakdown supports that conclusion: business email compromise, tech-support fraud, investment scams, and data breaches all reward faster detection and tighter controls around communication and payments. (cyberscoop.com) The central lesson from the 2025 data is simple. Cybercrime is no longer defined mainly by code breaking into machines. It is just as often persuasion aimed at people, delivered through the same inboxes, payment systems, phones, and platforms that businesses and households already depend on every day. (cyberscoop.com)