Tech Scams 2025: AI Fraud Surges as Victims Lost $12.5B, With Deepfakes Supercharging Scammers

Tech scams are evolving faster than most defenses. The FBIs Internet Crime Complaint Center (IC3) logged more than $12.5 billion in reported losses across the United States in its latest finalized annual data, with investment fraud, business email compromise (BEC), tech support fraud, phishing and romance/social engineering scams leading the way (FBI IC3). Early 2025 industry advisories warn that generative AIincluding voice cloning and video deepfakesis making scams more convincing, faster to launch, and harder to detect. This guide breaks down the most active scam categories in 2025, how they work, who they target, what the losses look like, and exactly how to protect yourself and your organization.

AI Deepfake Scams (Celebrity/Executive Impersonation, Fake Video Calls)

Recent Cases and Financial Impact

AI-enabled impersonation exploded through 2024 and into 2025, with publicized cases involving lifelike video conference deepfakes of executives authorizing transfers, and voice-cloned relatives or supervisors pressuring urgent payments. While official 2025 totals are pending, multiple sources documented sharp growth in AI-aided social engineering during 2024, with deepfake-enabled fraud intersecting BEC, crypto investment scams, and romance schemes. In the FBIs latest finalized year of data, investment scams alone accounted for over $4 billion in losses (FBI IC3), and experts attribute a growing share of those to AI-boosted impersonation.

How This Scam Works

• Reconnaissance: Scammers scrape LinkedIn, corporate bios, press releases, earnings calls, and social feeds to harvest executive voices, photos, and video.
• Modeling: They create voice clones and deepfake video avatars using off-the-shelf tools.
• Approach: Targets receive a request via email, chat, or messaging to join a quick video call with the CEO or a VIP client.
• Live Fraud: On the call, the deepfake asks for a confidential wire, gift cards, crypto purchase, or sensitive data often citing secrecy or urgency.
• Exit: Funds are sent to mule accounts or instantly converted to crypto and moved through mixers for obfuscation.

Warning Signs

• Video calls with cameras off for most participants except the VIP, or unnatural eye blinks, lighting, or lip sync.
• Requests for secrecy, bypassing normal approval workflows, or urgent after-hours actions.
• Insistence on new vendors, new bank accounts, or crypto transactions.
• Voices that sound almost right but lack natural cadence or have audio artifacts.

Protection Strategies

• Out-of-band verification: For money or data requests, verify via a second channel (phone number you already trust) before acting.
• No single-person approvals: Require at least two approvers for wires or changes to payment details.
• Deepfake-aware training: Teach teams to pause when video looks uncanny or when urgency is weaponized.
• Meeting codes and pre-shared passphrases for high-risk calls; require cameras on for all participants and perform kill switch callbacks if anything seems off.
• Use AI fraud protection tools that detect voice manipulation and video artifacts; deploy caller-ID authentication (STIR/SHAKEN) and inbound call screening.

Business Email Compromise (CEO Fraud, Vendor Impersonation)

Recent Cases and Financial Impact

BEC remains one of the costliest cyber-enabled crimes. The FBI IC3s most recent annual report attributes more than $2.9 billion in losses to BEC schemes, with average losses per incident far exceeding typical phishing (FBI IC3). Verizons DBIR continues to show that email and social engineering are primary vectors for financial fraud at enterprises (Verizon DBIR). AI is accelerating BEC by drafting persuasive emails, mimicking writing styles, and generating realistic supplier invoices.

How This Scam Works

• Account takeover: Attackers steal credentials via phishing, malware, or password reuse, then monitor email quietly.
• Vendor impersonation: They insert themselves into legitimate threads, altering invoices or bank details.
• Executive impersonation: Fake CEO emails or chats instruct finance to send urgent wires or buy gift cards.
• Payment diversion: Funds are wired to mule accounts and quickly laundered, often converted to crypto.

Warning Signs

• Last-minute changes to payment accounts or beneficiaries.
• Email domains that are one character off, or reply-to addresses that dont match display names.
• Requests to skip normal procurement steps or split payments into unusual tranches.
• Invoices with subtle formatting differences or metadata anomalies.

Protection Strategies

• Payment control: Independently verify new or changed bank details using known-good phone numbers.
• Technical controls: Enforce MFA, DMARC/DKIM/SPF, and conditional access; monitor impossible travel and OAuth abuse.
• Segregation of duties: Require dual authorization for high-value wires and vendor changes.
• Logging and alerting: Flag mailbox rules, forwarding, and suspicious app passwords.
• Simulated BEC drills that include deepfake scenarios and Slack/Teams lures.

Tech Support Fraud (Fake Microsoft/Apple Calls, Remote Access)

Recent Cases and Financial Impact

Tech support fraud consistently targets older adults and non-technical users with scareware and cold calls. In the FBIs latest finalized data, tech support losses approached $1 billion, with disproportionately high median losses among victims 60+ (FBI IC3; FBI Elder Fraud). FTC data shows imposter scams, often including fake tech support, as the top reported category by consumers (FTC Consumer Sentinel).

How This Scam Works

• Initial lure: A browser pop-up claims your device is infected, or a Microsoft/Apple agent calls you about suspicious activity.
• Remote access: Youre instructed to install remote tools (e.g., AnyDesk) so they can fix the issue.
• Refund ruse: They overrefund a fee (using screen-editing tricks) and demand you repay the difference.
• Account draining: They move money, buy gift cards, or request crypto while youre distracted.

Warning Signs

• Unsolicited calls claiming to be from Microsoft, Apple, or your bank.
• Pop-ups with a phone number to call and a loud alarm.
• Pressure to keep the conversation secret from family or bank staff.
• Requests to install remote access tools or to log into your bank while screen sharing.

Protection Strategies

• Never call numbers from pop-ups; close the browser and reboot. Real companies do not cold call about infections.
• Bank safe word: Set a family stop phrase (Lets call the bank together) to end suspicious calls.
• Device hygiene: Keep OS and browsers updated; use reputable AV; enable DNS/web filtering.
• Retail controls for elders: Lower ATM limits, disable wire permissions unless pre-approved, and enable transaction alerts.

Cryptocurrency Schemes (Fake Investment Platforms, Crypto Draining)

Recent Cases and Financial Impact

Investment scams are the top loss category reported to FBI IC3, exceeding $4 billion in the latest complete year, with a significant portion involving cryptocurrency (FBI IC3). Chainalysiss reporting shows ransomware payments hit over $1 billion in 2023 and that fraudsters cycle stolen funds through mixers and cross-chain bridges to evade tracing (Chainalysis). Pig-butchering (long-con investment grooming) remains a major driver of crypto losses across 2024Q1 2025, often blending romance and investment themes.

How This Scam Works

• Social grooming: Scammers befriend victims on social apps, messaging, or dating platforms.
• Demo profits: They show a convincing trading app or website that displays fake gains.
• Escalation: After initial withdrawals prove success, victims are pressured to deposit life savings or borrow funds.
• Exit scam: Withdrawals are blocked for taxes or compliance, and accounts are drained.

Warning Signs

• Unsolicited DMs about too-good investment returns or inside tips.
• Platforms that cant verify their license, address, or team and lack independent reviews.
• Pressure to move to WhatsApp/Telegram quickly and keep opportunities confidential.
• Requests to pay taxes/fees in crypto to withdraw.

Protection Strategies

• Zero-trust for DMs: Treat unsolicited investing outreach as fraud by default.
• Platform due diligence: Verify registration with your national regulator; search the company name + scam.
• Cold storage for long-term holdings; use hardware wallets and multi-factor confirmations.
• Wallet hygiene: Revoke token approvals regularly; use transaction simulators; enable address books and whitelists at exchanges.
• If funds move: Report immediately to your exchange, bank, and law enforcement; rapid freezing can sometimes recover assets.

Romance/Social Engineering (Dating App Fraud, Pig-Butchering)

Recent Cases and Financial Impact

Romance and confidence fraud remain among the most emotionally and financially devastating crimes. FBI IC3 data shows losses well over $600 million in the latest full year (FBI IC3), and FTC data highlights imposter/relationship scams as a leading loss driver for older adults (FTC). In 20242025, scammers increasingly pair romance grooming with crypto investment platforms, pressuring victims into high-value transfers.

How This Scam Works

• Match & mirror: The scammer builds rapport, mirroring interests and life stories.
• Trust and isolation: They move the conversation off-platform and discourage sharing with friends/family.
• Financial request: Emergency bills, travel funds, or a cannot-miss investment appear.
• Escalation and disappear: After repeated payments, the scammer vanishes or pivots to blackmail.

Warning Signs

• Refusal to video chat, or heavily filtered/looped video; inconsistent details about job or travel.
• Stories involving offshore oil rigs, military deployment, or international business deals.
• Introductions to a mentor or broker who manages crypto investments.

Protection Strategies

• Safety rules: No money, crypto, gift cards, or financial accounts to anyone you havent met and verified in person.
• Reverse image search: Check profile photos; examine metadata and social footprint.
• Buddy system: Share new online relationships with a trusted friend; heed outsider feedback.
• Platform reporting: Report suspicious profiles; use in-app safety features.

Phishing Evolution (AI-Generated Emails, Smishing, Vishing)

Recent Cases and Financial Impact

Phishing remains the top reported complaint type to the FBI IC3 by volume, with hundreds of thousands of incidents annually; losses vary but are substantial given downstream fraud (FBI IC3). Proofpoint and other firms reported rising smishing (SMS phishing) and vishing (voice phishing) targeting MFA codes, payroll, and crypto accounts throughout 2024 and into 2025 (Proofpoint State of the Phish). AI text generators now craft flawless lures at scale, defeating traditional grammar-error heuristics.

How This Scam Works

• Email/SMS lure: A message claims account lockouts, shipping issues, tax refunds, or payroll changes.
• Lookalike pages: Victims are funneled to cloned login portals or to call centers (vishing) staffed by agents.
• Credential capture: Attackers steal passwords and session cookies, then bypass MFA via real-time prompts or token theft.
• Account abuse: They pivot to BEC, payroll rerouting, crypto theft, or data exfiltration.

Warning Signs

• Links that resolve to misspelled domains or unfamiliar URL shorteners.
• Unexpected MFA reset prompts, QR-code logins, or requests for recovery codes.
• SMS from email gateways or numbers outside your region.

Protection Strategies

• FIDO2 security keys for critical accounts; resist MFA fatigue by limiting push prompts and using number matching.
• Browser isolation and phishing-resistant MFA for admin and finance roles.
• Brand Indicators for Message Identification (BIMI) and DMARC enforcement; monitor lookalike domains.
• Mobile device protections: Disable sideloading; use mobile AV and link-checkers; block URL shorteners enterprise-wide.

Industry Expert Insights

Whats different in 2025 is the scale and polish provided by AI. Where scams once relied on typos and broken English, generative models now produce impeccable language, on-brand invoices, and convincing audio/video. Analysts across the FBI, FTC, and leading cybersecurity firms agree on three dynamics:

• Convergence: Deepfakes are merging with BEC, romance, and investment fraud, turning once-separate fraud types into blended, multi-stage cons.
• Speed: Adversaries move money faster across accounts, exchanges, and cross-chain bridges, shrinking the recovery window from days to hours or minutes.
• Targeting: Older adults remain prime targets for tech support and imposter scams, while businesses face precision BEC attacks against finance, procurement, and executives.

In the FBIs latest full-year report, total reported cyber-enabled losses exceeded $12.5 billion, with BEC over $2.9 billion, investment fraud more than $4 billion, romance/confidence fraud surpassing $600 million, and tech support fraud approaching $1 billion (FBI IC3). FTC Consumer Sentinel data also recorded more than $10 billion in consumer-reported losses in its most recent finalized year, with imposter scams at the top (FTC). Chainalysis confirmed that illicit actors continue to exploit crypto infrastructure, with ransomware payments alone over $1 billion in 2023 (Chainalysis), illustrating the broader criminal economy that many scams feed into.

Immediate Action Steps

• General consumers: Enable phishing-resistant MFA (security keys) on email, financial, and crypto accounts today; turn on transaction alerts at banks and exchanges; set credit freezes at all three bureaus if not actively seeking credit.
• Business owners: Enforce MFA and conditional access for all email; implement DMARC in reject mode; require dual control for wires and vendor changes; create a no-shame rapid reporting channel for suspected fraud.
• Elderly users and caregivers: Use call screening; never install remote tools from unsolicited calls; pre-establish a family stop phrase to end suspicious calls; set lower daily transfer limits and enable bank staff notes to warn of fraud patterns.
• Tech-savvy users: Use hardware security keys, password managers, and unique passwords; review wallet token approvals monthly; use sandboxed browsers for risky clicks; monitor for new logins and mail-forwarding rules.
• If youre hit: Immediately contact your banks fraud department, the receiving bank, and your exchange; file at IC3.gov and with your local police; request a SWIFT recall on wires; engage incident response if corporate accounts are involved.

Conclusion

Tech scams in 2025 arent just more frequenttheyre more convincing. Deepfakes can turn a routine video call into a six-figure mistake. A single urgent email can bypass years of good security if it hits the right person at the wrong time. But the playbook to win hasnt changed: slow down, verify out of band, require two people for high-risk actions, and make it easy to report weird activity without blame. Pair those human habits with phishing-resistant MFA, rigorous payment controls, and continuous training that includes AI-enabled threats. Do that, and youll stay a step ahead of even the most polished scams.