Skip to content

Blog

FBI Releases 2025 Internet Crime Report: Key Takeaways for the Payments Industry

Treasury Management & Payment Operations

Overview

For 25 years, the Federal Bureau of Investigation has published an annual report providing data on internet-enabled crime and fraud trends. The report, published by the FBI’s Internet Crime Complaint Center (IC3), offers critical insights into the evolving landscape of cyber-enabled fraud, the transaction methods exploited by criminal actors, and the demographics of those most frequently victimized.

For financial institutions, payment processors, and compliance professionals, the report serves as must-read material to stay up-to-date on the threat environment and a valuable resource for calibrating fraud prevention and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) programs.

Artificial Intelligence-Related Cybercrime

The 2025 Report introduces, for the first time, a dedicated section on artificial intelligence-related cybercrime. IC3 received 22,364 complaints citing the use of AI in the commission of fraud, with total losses of $893 million. AI fraud showed up in multiple categories, including Business Email Compromise (BEC) ($30 million in losses), confidence and romance scams ($19 million), and investment fraud ($632 million). Voice cloning and deepfake technology have emerged as particularly powerful tools in the hands of criminal actors, enabling them to impersonate trusted individuals with unprecedented fidelity and thereby defeat traditional social engineering defenses. AI-enabled fraud is likely to grow in sophistication and scale as these technologies become more accessible.

Complaint Volume & Financial Losses

The 2025 Report reveals a continued escalation in both the volume and financial severity of internet-enabled crime in the United States. In 2025, IC3 received 1,008,597 complaints, representing an average of nearly 3,000 complaints per day. This was the first time the FBI has received more than one million complaints in a single year. Total reported losses reached $20.877 billion, a staggering 26% increase from 2024, and marking the highest annual loss figure in IC3’s 25-year history. The average loss per complaint was approximately $20,699. The chart below, which includes data from previous reports, shows the increase in the number of complaints and the associated dollar value of losses over the last decade:

Internet Crime Losses ($B) and Complaints

These figures underscore the growing sophistication and scale of cyber-enabled fraud and the increasing financial harm inflicted upon American consumers and businesses.

Victim Demographics

The Report provides a detailed breakdown of complaints and losses by victim age group, revealing that older Americans continue to bear a disproportionate share of financial losses. For individuals aged 60+, there were 201,266 complaints and $7.748 billion in losses, by far the highest loss total of any demographic. This represents a 59% increase in losses compared to 2024, with an average loss of approximately $38,500 per complainant. More than 12,000 complainants in this age group reported individual losses exceeding $100,000.

Crime Types by Complaint Volume & Financial Loss

The Report ranks crime types by both complaint volume and financial loss, and the two rankings reveal notably different patterns.

By complaint count, the most frequently reported crime types were as follows:

  1. Phishing & Spoofing: 191,561 complaints, representing nearly 20% of all complaints
  2. Extortion: 89,129 complaints
  3. Investment Fraud: 72,984 complaints
  4. Personal Data Breach: 67,456 complaints
  5. Non-Payment or Non-Delivery Schemes: 56,478 complaints

When measured by the actual financial loss suffered, investment fraud dominated with $8.649 billion in losses, more than double the next category.

Fraud Schemes

  • Business Email Compromise: Business Email Compromise remains one of the most financially destructive fraud schemes affecting the payments ecosystem. In 2025, IC3 received 24,768 BEC complaints with total losses of $3.046 billion, an increase from 21,442 complaints and $2.77 billion in 2024. Of particular significance to the payments industry is the shift in transaction methods used by BEC actors: 86% of BEC-related transactions in 2025 involved cryptocurrency, while only 7% involved traditional wire transfer or ACH. This represents a fundamental evolution in the BEC threat, as criminal enterprises have increasingly migrated to cryptocurrency channels, which offer faster settlement, greater anonymity, and reduced recoverability compared to traditional banking rails.

  • Cryptocurrency Fraud: Cryptocurrency emerged as the dominant transaction type across all fraud categories in 2025. IC3 received 181,565 cryptocurrency-related complaints, a 21% increase from 2024, with total losses of $11.367 billion, representing a 22% year-over-year increase. The average cryptocurrency fraud loss was $62,604, and 18,589 complainants reported individual losses exceeding $100,000. Cryptocurrency investment fraud was the single largest source of financial loss, generating 61,559 complaints and $7.228 billion in losses, a 48% increase in complaint volume and a 25% increase in losses from the prior year. Wire transfer and ACH remained the second most common transaction method in fraud overall, with 19% of investment fraud transactions and 7% of BEC transactions utilizing traditional wire or ACH channels.

  • Credit Card & Check Fraud: Credit card and check fraud generated 18,774 complaints with $282.67 million in losses in 2025. While these figures are modest relative to cryptocurrency and wire fraud losses, they represent a continuing baseline of traditional payment instrument fraud that financial institutions must address through card monitoring, check verification, and dispute resolution processes.

  • Real Estate Fraud: Real estate fraud, primarily involving wire fraud in connection with real estate closings, resulted in 12,368 complaints and $275.1 million in losses. This category remains a persistent concern for financial institutions facilitating real estate settlement transactions. The Report highlights a notable case in which IC3’s Recovery Asset Team (RAT) successfully intervened in a real estate BEC scheme, freezing $1.3 million in fraudulent wire proceeds and subsequently preventing an additional $6 million loss from the same fraudulent account. This case illustrates both the severity of real estate wire fraud and the potential effectiveness of rapid interbank coordination.

  • Account Takeover (ATO) Fraud: ATO fraud generated approximately 4,700 complaints, with $359.7 million in losses. ATO represents a particularly concerning threat vector for financial institutions because it exploits existing customer authentication and enables downstream fraud across multiple payment channels. The Report notes that ATO has increasingly appeared as an initiation mechanism for other fraud types, including tech support fraud and BEC.

Recommended Actions for Financial Institutions

Financial institutions should consider the following actions, among others, arising from the 2025 IC3 Report:

  1. Combatting Artificial Intelligence Fraud: Financial institutions must implement tools and security procedures to detect these types of threats and to combat an ever-evolving group of cybercriminals. The emergence of AI-enabled fraud as a statistically significant category, nearly $900 million in losses in its inaugural year of tracking, represents an evolving threat that will require financial institutions to reassess the adequacy of existing authentication, verification, and customer communication controls. Voice cloning and deepfake technology may render certain voice-based verification procedures vulnerable, and institutions should consider multi-factor and behavioral authentication enhancements to mitigate this emerging risk vector.

  2. Protecting Against Elder Fraud: The concentration of losses among individuals over 60 years old may warrant enhanced customer protection measures tailored to older account holders. Financial institutions subject to elder financial exploitation reporting requirements should consider whether their monitoring systems adequately capture the fraud typologies identified in the Report, including investment fraud, tech support schemes, and confidence scams that disproportionately target this population.

  3. Enhancing BSA/AML Compliance: The Report should inform BSA/AML compliance programs more broadly. The transaction-type data provides a basis for refining suspicious activity monitoring thresholds, updating risk assessments, and refining customer due diligence procedures. Financial institutions would be well-served to incorporate the IC3 Report’s findings into their annual fraud and BSA/AML risk assessment processes and to use the data to support resource allocation decisions for fraud prevention and investigation functions.

The full IC3 report is available at: https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf.