Cyber Fraud Losses Hit $17.6 B in 2025 – Ransomware, BEC, Investment Scams & Crypto Theft Surge Across U.S. Critical Infrastructure
What Happened – The FBI’s Internet Crime Complaint Center (IC3) reported $17.6 billion in cyber‑enabled fraud losses for 2025, representing 85 % of all monetary losses. Investment fraud ($8.6 B), business‑email‑compromise (BEC) scams ($3 B+), tech‑support fraud ($2.1 B) and ransomware ($32 M) were the top loss drivers, while crypto‑related theft accounted for $11.3 B.
Why It Matters for TPRM –
- Third‑party vendors are frequent ransomware targets, exposing supply‑chain risk.
- BEC and tech‑support scams often exploit weak vendor email controls, threatening payment integrity.
- Crypto‑theft highlights the need for robust asset‑custody and transaction monitoring in vendor contracts.
Who Is Affected – Financial services, healthcare, education, municipal governments, and any organization that relies on third‑party SaaS, payment processors, or cloud providers.
Recommended Actions –
- Review all vendor contracts for ransomware response clauses and cyber‑insurance coverage.
- Validate BEC‑mitigation controls (DMARC, MFA, email verification) for all third‑party communications.
- Ensure vendors handling cryptocurrency or large financial transactions have AML/KYC and cold‑storage safeguards.
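One way to run the DMARC part of the BEC‑control validation above across a vendor list, as an added example (not from the IC3 report or The Record). The vendor domains and TXT records are constructed samples and the PASS/WARN/FAIL thresholds are assumptions of this sketch; in practice the record text comes from a DNS TXT lookup of `_dmarc.<vendor domain>`.

```python
import re

# Constructed sample TXT records keyed by vendor domain; not real vendor data.
SAMPLE_RECORDS = {
    "vendor-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example; adkim=s",
    "vendor-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@vendor-b.example",
    "vendor-c.example": "v=DMARC1; p=quarantine; pct=25",
    "vendor-d.example": "v=spf1 include:_spf.vendor-d.example -all",  # SPF, not DMARC
    "vendor-e.example": None,                                         # nothing published
}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    # RFC 7489: the record must begin with the v=DMARC1 tag.
    if not txt or not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", txt):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (verdict, findings) for one vendor's DMARC TXT record."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "FAIL", ["no DMARC record published"]
    findings = []
    policy = tags.get("p", "").lower()
    enforcing = policy in ("quarantine", "reject")
    if not enforcing:
        findings.append(f"p={policy or 'missing'} is monitor-only, spoofed mail is delivered")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} is below 100 or invalid, policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address, vendor receives no aggregate reports")
    if enforcing and tags.get("sp", "").lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
    return ("FAIL" if not enforcing else "WARN" if findings else "PASS"), findings

if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        verdict, findings = assess(txt)
        print(f"{verdict:4} {domain}: {'; '.join(findings) or 'enforcing with reporting'}")
```
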
Technical Notes – The surge is driven by phishing‑based credential theft, exploitation of unpatched remote‑access tools, and misuse of AI‑generated social‑engineering content. No single CVE dominates; the threat landscape is fragmented across many malware families and fraud kits.
Source: The Record