FBI: Americans lost a record $21 billion to cybercrime last year

U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says.

The figure continues the year-over-year record trend as it is up 26% compared to 2024, when Americans lost $16.6 billion to cybercrime.

A similar uptick was recorded in the number of complaints the Internet Crime Complaint Center (IC3) received, which surpassed 1 million last year, up from 859,000 the year before.

The most frequent complaints received last year referred to phishing attacks (191,000), extortion (89,000), and investment scams (72,000), which continued to drive massive losses.

Although smaller in absolute numbers, there were still a significant number of reports for serious attack types such as business email compromise (24,700 cases), data breaches (3,900), ransomware attacks (3,600), and SIM swapping (971).

Investment fraud accounted for 49% of all scam-related incidents recorded last year and resulted in losses of $8.6 billion. However, cybercrime targeting cryptocurrency caused the largest loss, exceeding $11 billion across 181,565 cases.

Cyber-enabled fraud was present in 453,000 complaints and accounted for $17.7 billion of the total losses submitted to the IC3 in 2025.

According to the IC3, Americans over the age of 60 were hit the hardest, with reported losses of $7.7 billion, a 37% increase compared to the previous year.

For the first time, the FBI’s report includes AI-related scams, which accounted for 22,300 complaints and $893 million in losses. These schemes involved voice cloning, fake profiles, forged documents, and deepfake videos.

In two cases, attacks targeting critical infrastructure (dams and nuclear facilities), the FBI labeled the incidents as data breaches.

The most targeted critical infrastructure sectors in 2025 were healthcare, manufacturing, financial services, information technology, and government facilities.

FBI fighting back

The FBI says that it has upgraded its efforts to block attacks, notify victims, and freeze stolen funds, in some cases even being able to retrieve them.

The agency initiated 3,900 Financial Fraud Kill Chain (FFKC) interventions in 2025, successfully blocking a portion of fraudulent transactions. Of the $1.16 billion targeted by attackers, the FBI froze $679 million.

Additional efforts from the agency to prevent cyber-enabled crimes included ‘Operation Level Up’ at the start of the year, a proactive approach to prevent financial losses by identifying and alerting victims of cryptocurrency investment fraud.

Of the 3,780 victims notified last year, 78% were unaware that they were being scammed.

The FBI recommends people not to rush when they receive urgent requests and face pressure tactics, and to use all available means to verify the authenticity of the communication before sending money or data.

Those who suspect compromise by hackers or scammers are urged to report the incidents with full details to ic3.gov.

Automated Pentesting Covers Only 1 of 6 Surfaces.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now