US Victims Lost Record $21 Billion to Cybercrime in 2025, Driven by Investment Scams and BEC
What Happened – The FBI’s Internet Crime Complaint Center (IC3) reported that Americans lost nearly $21 billion to cyber‑enabled crimes in 2025, a 26 % increase over 2024. Losses were dominated by investment fraud, business‑email‑compromise (BEC), tech‑support scams, ransomware and emerging AI‑driven scams.
Why It Matters for TPRM –
- The scale of loss signals a systemic rise in fraud vectors that can affect third‑party vendors and their customers.
- Many incidents (BEC, phishing, ransomware) exploit weak vendor email hygiene and supply‑chain trust.
- AI‑generated deepfakes introduce new social‑engineering risks for vendor communications and contract negotiations.
Who Is Affected – Financial services, healthcare, manufacturing, information technology, government agencies, and the broader consumer base (especially individuals > 60 years).
Recommended Actions –
- Review and harden email authentication (DMARC, SPF, DKIM) for all third‑party relationships.
- Conduct phishing‑resilience training that includes AI‑deepfake awareness.
- Verify vendor financial‑fraud controls and incident‑response playbooks.
- Incorporate AI‑scam detection into vendor risk monitoring tools.
Technical Notes – Primary attack vectors were phishing (191 k complaints) and BEC (24.7 k cases). Emerging AI‑related scams (voice cloning, deepfakes) accounted for 22.3 k complaints and $893 M in losses. No specific CVEs were cited; the threat landscape is driven by social engineering and credential compromise. Source: BleepingComputer