American victims lost nearly $21 billion to cybercrime last year, driven primarily by investment scams, business email compromises, technical support fraud, and data breaches, the Federal Bureau of Investigation said.
This figure continues to set a record year over year as it is up 26% compared to 2024, when Americans will lose $16.6 billion due to cybercrime.
A similar rise was recorded in the number of complaints received by the Internet Crime Complaint Center (IC3), which exceeded 1 million last year, up from 859,000 the previous year.
Source: FBI
The most common complaints received last year were related to phishing attacks (191,000), fraud (89,000), and investment scams (72,000), which continued to bring significant losses.
Although less in absolute numbers, there were still a significant number of reports of serious attack types such as business email compromises (24,700 cases), data breaches (3,900), ransomware attacks (3,600), and SIM swapping (971).
Investment fraud accounted for 49% of all fraud-related incidents recorded last year and resulted in losses of R8.6 billion. However, cybercrime targeting cryptocurrency caused the largest losses, exceeding $11 billion across 181,565 cases.
Cyber-enabled fraud accounted for 453,000 complaints and accounted for $17.7 billion in total losses posted to IC3 by 2025.
According to IC3, Americans over the age of 60 were hit the hardest, with a reported loss of $7.7 billion, a 37% increase over last year.
For the first time, the FBI report covers AI-related scams, which included 22,300 complaints and losses of $893 million. These programs include voiceovers, fake profiles, fake texts, and fake videos.
In two cases, attacks targeting critical infrastructure (dams and nuclear facilities), the FBI classified these incidents as data breaches.
The most important infrastructure sectors targeted for 2025 were healthcare, manufacturing, financial services, information technology and government services.
Source: FBI
The FBI fights back
The FBI says it has improved its efforts to prevent attacks, notify victims, and stop stolen funds, and in some cases recover them.
The agency has launched 3,900 Financial Fraud Kill Chain (FFKC) interventions by 2025, effectively blocking half of fraudulent activities. Of the $1.16 billion targeted by the attackers, the FBI stopped $679 million.
Additional efforts from the agency to prevent cybercrime included ‘Operation Level Up’ at the beginning of the year, a quick way to prevent financial losses by identifying and warning victims of cryptocurrency investment fraud.
Of the 3,780 victims reported last year, 78% did not know they were being scammed.
The FBI recommends people not to rush when they receive urgent requests and face pressure tactics, and use all available methods to verify the authenticity of the communication before sending money or data.
Those who suspect compromise by hackers or fraudsters are urged to report incidents with full details to ic3.gov.
Automatic logging proves that the path exists. BAS proves that your controls are stopping you. Many teams run without each other.
This white paper outlines six areas of validation, indicates where coverage ends, and provides clinicians with three diagnostic questions for any screening tool.
