top of page

$20 Billion and Counting: Key Takeaways from the 2025 FBI IC3 Report

  • Writer: Brady Woudstra
    Brady Woudstra
  • 21 hours ago
  • 4 min read

The FBI's Internet Crime Complaint Center just released its 2025 Annual Report — and the numbers are staggering. Here's what every business owner and individual needs to know. You can find the full report here: https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf


For 25 years, the FBI's Internet Crime Complaint Center (IC3) has served as the nation's central hub for reporting cyber-enabled crime. In 2025, it marked that anniversary with a sobering milestone: reported losses surpassed $20 billion for the first time, with over one million complaints filed. That's nearly 3,000 complaints every single day. Whether you're an individual, a small business, or a large enterprise, the threat landscape has never been more urgent or more diverse.


FBI IC3 Banner

Here are the most important takeaways from the 2025 IC3 Annual Report.


1. Losses Hit $20.9 Billion — Up 26% From 2024

IC3 received 1,008,597 complaints in 2025, with total reported losses of $20.877 billion. That's a 26% increase in losses from the prior year, and more than double the $10.3 billion reported just three years earlier in 2022. The average loss per complaint came in at $20,699.

The growth isn't just in volume — it's in severity. Cybercriminals are becoming more sophisticated, more organized, and more ruthless in who they target.


2. Investment Fraud Remains the #1 Financial Threat

Investment fraud topped the charts for financial losses, accounting for $8.65 billion — more than 41% of all reported losses. Cryptocurrency investment scams drove the bulk of this, with $7.2 billion in losses tied specifically to crypto fraud. These aren't random hacks. They are sophisticated, long-con operations run by organized criminal enterprises, many based in Southeast Asia, using human trafficking victims as forced labor to run the schemes.

The playbook is disturbingly consistent: scammers initiate contact via text, social media, or dating apps, build a relationship over weeks or months, introduce a fake investment platform, show fabricated profits — and then disappear with everything when victims try to withdraw.

The top five crime types by financial loss were:

•       Investment fraud: $8.65 billion

•       Business Email Compromise (BEC): $3.05 billion

•       Tech/Customer Support scams: $2.13 billion

•       Personal Data Breach: $1.31 billion

•       Confidence/Romance scams: $929 million


3. Business Email Compromise: $3 Billion Lost, One Wire at a Time

Business Email Compromise (BEC) remains one of the most destructive threats facing organizations of all sizes. With $3.05 billion in reported losses from roughly 24,768 complaints, BEC attacks target businesses through impersonation of executives, vendors, or financial institutions — tricking employees into initiating fraudulent wire transfers. Notably, 86% of BEC losses were transferred via wire or ACH, making speed of detection critical.

For small and mid-size businesses, this is particularly relevant. A single fraudulent wire transfer can be devastating. Training employees to verify transfer requests through secondary channels — especially for any change in payment instructions — is one of the highest-ROI security investments available.



4. AI Is Now a Weapon in the Cybercrime Arsenal

The 2025 report dedicates an entire section to artificial intelligence in cybercrime — a first. Over 22,364 complaints were flagged as AI-related, with associated losses exceeding $893 million. AI is being weaponized across multiple fraud categories: deepfake audio and video for impersonation, AI-generated phishing emails that are nearly indistinguishable from legitimate communications, and synthetic identities used to bypass verification systems.

The speed and scale at which AI allows criminals to operate is a fundamental shift. What used to take weeks of social engineering can now be automated and deployed at mass scale. Businesses need to update their security awareness training to account for this new reality.


5. Ransomware Continues to Threaten Critical Infrastructure

IC3 received 3,611 ransomware complaints in 2025, with reported losses exceeding $32 million — though the FBI notes this is almost certainly an undercount, as many incidents go unreported or victims report directly to field offices. The top ransomware variants impacting organizations included Akira, Qilin, BianLian, and LockBit, with 63 new variants identified throughout the year.

Critical infrastructure sectors were hit especially hard, with Healthcare, Critical Manufacturing, and Government Facilities bearing the brunt. For businesses in or adjacent to these sectors, the FBI's ransomware mitigations deserve immediate attention:

  • Maintain encrypted, offline, and immutable backups

  • Enforce multi-factor authentication (MFA) everywhere

  • Segment your network to limit lateral movement

  • Patch systems promptly, especially internet-facing services

  • Deploy endpoint detection and response (EDR) tools


6. Older Adults Bear a Disproportionate Financial Burden

Americans aged 60 and older filed 201,266 complaints and reported $7.7 billion in losses — by far the highest of any age group. Tech support scams and account takeover (ATO) fraud were the top threats for this demographic. Gold courier scams — where criminals dispatch couriers to physically collect cash or precious metals from victims — resulted in $311.8 million in losses from just 725 complaints, highlighting how extreme individual losses can be.

If you have elderly clients, family members, or colleagues, proactive education about these specific scam types is one of the most impactful things you can do.


7. The IC3 Recovery Asset Team Froze $679 Million

There's a bright spot in the report: the IC3 Recovery Asset Team (RAT) and its Financial Fraud Kill Chain (FFKC) process achieved a 58% success rate in freezing fraudulent transfers in 2025, recovering $679 million out of $1.16 billion in attempted theft across 3,900 incidents. The key takeaway? Speed is everything. If you or your organization is victimized, contact your bank and file a report at ic3.gov immediately — every minute counts.


What This Means for Your Business

The 2025 IC3 Report isn't just a set of statistics — it's a roadmap of where criminals are focusing their energy. The consistent themes are:

  • Human manipulation is the primary attack vector. Phishing, BEC, impersonation, and romance scams all rely on deceiving people, not just exploiting technology.

  • Cryptocurrency is the preferred exit ramp. Over $11.4 billion in losses involved cryptocurrency, largely because it's difficult to recover once transferred.

  • AI is supercharging existing threats. The barrier to launching convincing, personalized fraud is dropping rapidly.

  • Reporting matters. The FFKC recovery process only works if victims report quickly. Encourage your team and clients to report incidents without delay.

The bottom line: cybercrime is no longer a niche concern for large enterprises. With the average loss now exceeding $20,000 per complaint, a single successful attack can be devastating for a small business. A proactive cybersecurity posture — including employee training, MFA, regular backups, and a trusted IT partner — is no longer optional.


Have questions about how to protect your organization? Reach out — we're here to help.

 
 
bottom of page