Cybercrime losses in the United States hit $16.6 billion in 2024.
The FBI Internet Crime Complaint Center reported the figure in its annual report.
Investment fraud, often routed through crypto, caused the biggest share of damage.
Federal advisories and investigations show AI-driven impersonation spreading and crypto payment rails staying central to scams.
Ransomware remains a top threat for hospitals, local government, and industry. Early signals point to losses rising again, even if victim counts do not surge.
Areas With Biggest Losses
Fewer people are reporting direct financial loss, yet average loss per incident keeps rising, which points to criminals prioritizing bigger payouts over sheer volume.
Investment fraud sits at the center of the jump.
Victims reported roughly $6.5 billion in losses tied to investment schemes in 2024, a category dominated by crypto-themed pitches and fake trading platforms.
Business email compromise remains one of the most expensive threats for companies and public institutions, because a single compromised inbox can redirect six- or seven-figure payments.
Ransomware complaints rose again, with critical-infrastructure targets such as hospitals, local government, manufacturing, and schools facing disruption plus extortion. Phishing and spoofing remained the most common entry tactic, feeding both fraud and network intrusions.
Losses also concentrate in predictable places. People age 60 and older filed the largest share of high-dollar complaints and lost close to $5 billion in 2024, a sign that criminals keep focusing on retirees with savings and a lower tolerance for digital friction.
Early 2025 reporting adds context: generative AI tools are making impersonation cheaper and more convincing, while crypto rails speed up cash-out and shrink the window for recovery.
Taken together, the data suggest another year where scam sophistication and per-victim losses rise faster than complaint totals.
| Type of Fraud | How It Plays Out | Reasons For High Losses |
| Investment Fraud (often crypto) | “Advisor” on social media moves chat to WhatsApp, shows fake gains on a look-alike exchange, pushes larger deposits, then blocks withdrawals | Victim adds money in stages, so the final loss can reach life savings |
| Business Email Compromise | Supplier invoice gets altered after mailbox takeover, finance team wires funds to attacker-controlled account | One successful redirect can drain a full payment run |
| Ransomware / Data Extortion | Hospital network encrypted, attackers demand payment and threaten to leak patient files | Downtime costs plus pressure to pay to restore operations |
| Phishing / Spoofing | Fake bank login page captures credentials, later used for account takeover or BEC | Scale is cheap, success rate climbs with AI-written lures |
| Tech Support And Impersonation Scams | Pop-up claims device infected, “support agent” convinces victim to send money or buy crypto to “secure” funds | Social pressure plus hard-to-reverse payments |
Can We Expect Similar Numbers At The End Of 2025?
A full-year total is not available yet, but signals point toward losses staying in the same range or moving even higher.
Generative AI is a key accelerant. Investigations and federal warnings in 2025 point to wider use of deepfake voice, fake identity documents, and automated phishing, all reducing effort per scam while improving success rates.
Crypto payment rails also remain central in 2025 coverage, letting criminals cash out faster and limiting recovery once money leaves a wallet or gets routed through mixers.
Unless enforcement or platform controls cut that pipeline in a big way, per-victim losses are likely to keep climbing, which makes another year near 2024 levels a reasonable expectation.
How To Recognize And Prevent Scams?
Prevention requires clear rules that scan the money movement and force verification. This must be the rule not only for businesses but also for regular users..
For Businesses
Finance teams, procurement, and executives remain prime targets because a single fraudulent transfer can be enormous.
Business email compromise and ransomware stay near the top of loss reporting, and 2025 coverage shows AI making impersonation more convincing and cheaper to scale.
Strong defenses come from process plus monitoring, not from tools alone, and that includes creating a proactive security operation centre strategy that treats fraud signals as first-class alerts.
1. Urgent Payment Change Requests
Invoices that suddenly reroute funds or demand same-day wires fit a common BEC pattern.
2. Exec or Vendor Impersonation
A late-night text from a “CEO,” a Teams message from a “supplier,” or a voice call that sounds right can be synthetic. AI voice and video cloning lower the cost of faking authority.
3. Credential Prompts
Fake login pages and “security reset” emails still open the door for mailbox takeover, then invoice tampering.
4. Extortion
Ransomware crews now pair encryption with data-leak threats, targeting sectors where downtime hurts fast.
How To Prevent Business Losses?
1. Use out-of-band verification for every sensitive transfer.
Any new payee, routing change, payroll update, or urgent wire needs a call-back to a known number and a second approver.
2. Harden email and domain trust
Enforce SPF, DKIM, and DMARC, watch for look-alike domains, and alert on mailbox rule changes or new delegation.
3. Train for AI-driven impersonation
Policy must require verification even when a request sounds like leadership or a long-time vendor. Run quick drills that include deepfake voice scenarios.
4. Build ransomware resilience
Offline backups, tested restores, segmentation, and a rehearsed incident playbook reduce leverage during extortion events.
For Individuals
Most high-loss scams follow a similar arc: an unexpected approach, escalating urgency, then a push toward an irreversible payment method. Investment fraud tied to crypto remains the biggest dollar driver, while phishing and impersonation serve as the entry path.
1. Pressure to act fast or stay secret
Scammers want isolation and speed because both block second opinions.
2. Requests for crypto, gift cards, or wire transfers
Such channels dominate major fraud reporting because recovery is rare once sent.
3. Guaranteed returns or “test wins”
Small early gains that lead to larger deposits match the standard investment fraud script.
4. Messages that look official but avoid verification
Fake bank alerts, delivery notices, or tech-support pop-ups often include links that hijack accounts.
How To Prevent Personal Losses?
1. Pause before any payment
A short delay breaks the urgency trap and gives room to check facts.
2. Verify via a separate route
Call banks or companies using numbers from official sites or cards, and contact family through saved numbers.
3. Treat unsolicited investment offers as high risk
Walk away when withdrawals get blocked or when pressure builds to “add just a bit more.”
4. Secure key accounts with strong MFA
Email, banking, and social accounts need app-based or hardware MFA, since takeover often enables follow-on fraud.
5. Report quickly
Contact the financial institution first, then law enforcement, since recovery odds fall sharply after funds move.
Last Words
AI tools and crypto pipelines are accelerating scams faster than public awareness or enforcement can slow them.
If verification habits and corporate controls do not catch up soon, annual losses will keep climbing, and the shock value of new scam records will fade.
