The FBI's Internet Crime Complaint Center (IC3) has published its annual cybercrime statistics for 2025, and the headline figure is stark: U.S. victims reported losses approaching $21 billion — the highest ever recorded since IC3 began tracking in 2000. The bureau received over 1 million complaints during the year, also a record, underscoring both the scale of the problem and growing public awareness about where to report cybercrime.
Investment Fraud Dominates Losses
Investment fraud — led overwhelmingly by cryptocurrency pig-butchering scams — was the single largest loss category for the second consecutive year. These schemes involve criminals building trust with victims over extended periods, sometimes months, before convincing them to deposit funds into fraudulent "investment platforms." Victims often do not realize they have been defrauded until they attempt to withdraw funds, at which point the platform becomes inaccessible and the operators disappear.
The IC3 report identifies organized criminal networks, primarily operating out of Southeast Asia, as the primary operators of pig-butchering infrastructure. The FBI notes that these operations are increasingly industrialized — using AI-generated personas, scripted conversation flows, and sophisticated fake trading interfaces to deceive victims.
Business Email Compromise: A Perennial Billion-Dollar Threat
Business Email Compromise (BEC) remains among the costliest attack types tracked by IC3. Criminals compromise or spoof corporate email accounts and redirect wire transfers, payroll deposits, or vendor payments. Key trends from the 2025 data:
| BEC Trend | Detail |
|---|---|
| AI-Generated Audio/Video | Deepfake executive calls used to authorize fraudulent wire transfers |
| Invoice Manipulation | Intercepting legitimate vendor payment chains |
| Payroll Diversion | HR system compromise to redirect employee payroll |
| Real Estate Fraud | Wire fraud in property transactions |
The FBI's Recovery Asset Team (RAT), which coordinates with financial institutions to freeze and recover funds from reported BEC losses, processed thousands of cases in 2025. Timely reporting — within hours of a fraudulent transfer — dramatically increases recovery chances.
Tech Support Fraud Targeting Older Americans
Tech support fraud continues to disproportionately harm older Americans. In these schemes, victims receive alarming messages — a phone call, browser pop-up, or email — claiming their devices are compromised. They are directed to "technicians" who ultimately convince them to transfer funds to "secure" accounts, sometimes through cryptocurrency ATMs.
The IC3 data shows:
- Victims over 60 filed the most complaints of any demographic
- Per-victim losses in tech support fraud rank among the highest of any fraud category
- Losses from tech support fraud increasingly funnel into investment fraud — victims are sometimes re-targeted by the same criminal networks
Ransomware: Impact Beyond the Dollar Figures
While ransomware is not the top category by raw dollar loss — partially due to underreporting and negotiated settlements — the FBI emphasized that ransomware attacks on critical infrastructure carry societal impacts far beyond what IC3 complaint data captures. Healthcare, municipal services, water utilities, and educational institutions were all targeted in 2025, with some incidents causing sustained service disruptions affecting thousands of people.
The IC3 report notes an evolution in ransomware tactics: data extortion without encryption is increasingly common, with actors threatening to release stolen data rather than (or in addition to) encrypting systems. This lowers the technical barrier for criminal groups while maintaining leverage over victims.
Key Statistics from the 2025 IC3 Report
| Metric | 2025 Figure |
|---|---|
| Total Complaints | 1,000,000+ (record) |
| Total Reported Losses | ~$21 billion (record) |
| Investment Fraud Losses | Largest single category |
| Cryptocurrency Involvement | Losses exceeding $9 billion |
| States with Highest Losses | California, Texas, Florida |
| Hardest-Hit Age Group | Victims over 60 |
What Individuals and Organizations Can Do
The FBI recommends the following preventive measures:
For individuals:
- Be deeply skeptical of unsolicited investment opportunities, especially those involving cryptocurrency
- Never transfer funds to "secure accounts" at the request of a caller — hang up and call your bank directly
- Report cybercrime immediately at ic3.gov
- Educate older family members about tech support scam scripts
For organizations:
- Implement multi-factor authentication on all email and financial systems
- Establish out-of-band verification for wire transfer requests — a phone call to a known number, not the number in the email
- Train employees to recognize BEC warning signs (urgency, unusual requests, slight email domain variations)
- Review payroll and vendor payment change request procedures — require dual authorization
The consistent year-over-year growth in cybercrime losses reflects both the sophistication of criminal operations and the continued targeting of high-value victims. The billion-dollar gap between reported losses and estimated actual losses — only a fraction of victims report to IC3 — means the true scale of the problem is substantially larger than these figures suggest.
Source: SecurityWeek — FBI: Cybercrime Losses Neared $21 Billion in 2025, FBI IC3 2025 Annual Report