CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

2025 U.S. cybercrime losses reach nearly $21bn with AI-enabled fraud, cryptocurrency scams, and critical infrastructure targeting highlighted

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

In 2025, U.S. cyber-enabled crime losses rose to nearly $21 billion, a 26% increase from 2024, with the FBI’s IC3 receiving over 1 million complaints. Cryptocurrency fraud dominated financial losses at over $11 billion across 181,565 cases, while phishing (191,000 cases) and investment scams (72,000) remained the most frequent complaint types. Americans over 60 were disproportionately affected, suffering $7.7 billion in losses—a 37% increase from the prior year. AI-enabled fraud, encompassing voice cloning, deepfakes, and synthetic profiles, accounted for $893 million in losses across 22,300 complaints. The FBI reported critical infrastructure sectors—including healthcare, manufacturing, financial services, information technology, and government facilities—as the most targeted. In response, the agency conducted 3,900 Financial Fraud Kill Chain interventions, freezing $679 million of $1.16 billion attempted thefts, and launched Operation Level Up to proactively alert 3,780 potential cryptocurrency investment fraud victims, 78% of whom were unaware of the scam.

Timeline

  1. 07.04.2026 15:00 2 articles · 11h ago

    2025 Internet Crime Report reveals record $17.7bn in cyber fraud losses with AI-enabled fraud contributing $893m

    The FBI’s 2025 Internet Crime Report documents a 26% increase in cyber-enabled crime losses to nearly $21 billion and a 22% rise in IC3 complaints to over 1 million. Cryptocurrency fraud losses exceeded $11 billion across 181,565 cases, surpassing all other categories. Phishing (191,000 cases) and investment scams (72,000) were the most frequent complaint types. Americans over 60 reported $7.7 billion in losses, a 37% increase from 2024. AI-related fraud, including voice cloning and deepfakes, accounted for $893 million in losses across 22,300 complaints. Critical infrastructure sectors—healthcare, manufacturing, financial services, IT, and government—were the most targeted. The FBI initiated 3,900 Financial Fraud Kill Chain interventions, freezing $679 million of $1.16 billion targeted, and launched Operation Level Up, notifying 3,780 potential victims of cryptocurrency investment fraud, 78% of whom were unaware of the scam.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Darktrace Detects 32 Million Phishing Emails in 2025 as Identity Attacks Surge

Darktrace detected over 32 million high-confidence phishing emails in 2025, indicating a significant rise in identity-driven cyber threats. The report highlights the increasing sophistication of phishing tactics, including the use of newly created domains, malicious QR codes, and novel social engineering techniques. Identity compromise has overtaken vulnerability exploitation as the primary entry vector, with attackers leveraging stolen credentials and hijacked tokens to gain access. The report also reveals regional and sector-specific trends, with the Americas accounting for 47% of global security events and manufacturing being a major target for ransomware.

Open in new tab

US Data Breaches Reach Record High in 2025

The number of data compromises in the US hit a record high of 3332 in 2025, a 5% increase from the previous year. Despite the rise in breaches, the number of individual victims decreased significantly to 279 million from 1.4 billion in 2024. The financial services sector was the most impacted, accounting for 22% of all compromises. The Identity Theft Resource Center (ITRC) warned that such incidents impose a "cyber tax" on consumers and businesses, with 38% of small businesses raising prices to cover remediation costs. Additionally, 70% of breach notices lacked information on the type of attack, making it difficult for victims to assess their risk. The report also highlighted the mental health impact on victims, with 88% experiencing negative consequences such as increased spam and phishing attempts.

Open in new tab

Record $17bn in Crypto Losses Driven by Impersonation Fraud

Cryptocurrency-related fraud losses reached a record high of $17bn in 2025, driven by impersonation tactics and AI tooling. The increase in fraud is attributed to sophisticated Asian crime networks and the growing use of AI in scams. The value of individual scam payments surged by 253% year-on-year, with impersonation fraud growing by 1400% in volume and related payments increasing by over 600%. Law enforcement has made significant strides in combating these frauds, including the conviction of fraud kingpin Zhimin Qian and the seizure of $15bn in proceeds linked to scam activity. The industrialization of fraud is evident in the commercialization of sophisticated tools and the professionalization of distinct actors, including developers, data brokers, spammers, thieves, and administrators. These actors contribute to the growing threat posed by crypto fraud.

Open in new tab

Cyber Fraud Surpasses Ransomware as Top Business Concern

Cyber fraud, particularly phishing, has overtaken ransomware as the primary cybersecurity concern for business leaders, according to the World Economic Forum’s (WEF) Global Cybersecurity Outlook for 2026. The report highlights the pervasive nature of cyber-enabled fraud, which is causing significant financial losses and undermining trust in systems. Phishing attacks, including email, voice (vishing), and SMS (smishing), are the most commonly reported form of cyber fraud, affecting 62% of respondents. Other notable threats include invoice or payment fraud (37%), identity fraud (32%), insider threats (20%), and romance or impersonation scams (17%). The rise of AI-powered cyber threats is also a key concern, with 87% of respondents experiencing increased AI-related vulnerabilities in the past year.

Open in new tab

Storm-2657 Targets University HR Employees in Payroll Hijacking Campaign

A cybercrime gang, Storm-2657, has been targeting university employees in the United States since March 2025 to hijack salary payments. The attackers have successfully compromised 11 accounts at three universities, sending phishing emails to nearly 6,000 email accounts across 25 universities. The campaign, codenamed Payroll Pirates, exploits a lack of multifactor authentication (MFA) or phishing-resistant MFA to compromise Workday accounts and other third-party HR SaaS platforms. The attackers use sophisticated social engineering tactics and adversary-in-the-middle (AITM) links to steal MFA codes, enabling them to gain access to Exchange Online accounts. Once inside, they alter salary payment configurations and redirect payments to accounts under their control. The attackers also create inbox rules to delete incoming warning notification emails from Workday and enroll their own phone numbers as MFA devices for victim accounts. The compromised email accounts are used to distribute further phishing emails, both within the organization and to other universities. The attacks have been ongoing since March 2025, with Microsoft identifying affected customers and providing mitigation guidance. The campaign has been observed targeting a range of U.S.-based organizations, particularly in the higher education sector, and any software-as-a-service (SaaS) platform storing HR or payment and bank account information.

Open in new tab