Technology

Latest Tech Scams: Deepfakes, BEC, Crypto, Phishing

Latest Tech Scams: Deepfakes, BEC, Crypto, Phishing

Stop the New Wave of Tech Scams: Deepfakes, BEC, Crypto Drains, and Phishing You Must Know in 2025

In one of the most shocking frauds reported in 2024, a finance worker in Hong Kong wired roughly 25 million US dollars to scammers after a deepfake video conference convincingly imitated the company’s CFO and colleagues (Source: https://www.bbc.com/news/world-asia-china-68250757). That single incident captures how much online fraud has evolved. Across the United States, the FBI’s Internet Crime Complaint Center recorded 880,418 complaints and 12.5 billion dollars in reported losses in 2023 alone, with the costliest category being Business Email Compromise at 2.9 billion dollars (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf). While the threat landscape continues to shift, the playbook is clear: criminals are accelerating social engineering with AI, targeting both individuals and enterprises. Note: All statistics in this guide reflect authoritative sources published through October 2024; editors should update figures with newly released 2025 reports as they become available.

AI Deepfake Scams

Recent Cases and Financial Impact

The deepfake-enabled heist in Hong Kong, where a convincing fake video call led to a 25 million dollar transfer, is the most widely cited example of how AI can supercharge impersonation (Source: https://www.bbc.com/news/world-asia-china-68250757). The FBI’s 2023 IC3 report underscores the scale of social engineering overall: total reported losses hit 12.5 billion dollars across 880,418 complaints, with impersonation and account compromise consistently among the biggest money-makers (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf). The Verizon Data Breach Investigations Report has also stressed the human element in attacks; in its recent editions, a clear majority of breaches involved social engineering or credential misuse, emphasizing that people remain the primary target (Source: https://www.verizon.com/business/resources/reports/dbir/).

How This Scam Works

  • Reconnaissance: Attackers scrape executive headshots, voice samples, and public videos from social media and earnings calls.
  • Asset creation: They generate synthetic voice or video, or blend real content with AI to impersonate leaders or relatives.
  • Live orchestration: A video call invites a target to approve a wire, share one-time codes, or disclose sensitive data.
  • Urgency and secrecy: Criminals insist on confidentiality and rush the decision to override controls.
  • Funds extraction: Money moves via domestic wires, crypto, or mules, often split into multiple hops to evade recovery.

Warning Signs

  • Slight lip-sync or eye-blink artifacts on video; awkward pauses or audio that sounds too compressed or robotic.
  • Unusual requests coming from senior leaders who normally do not handle payments directly.
  • Pressure to bypass normal verification or to keep the request confidential.
  • New payee or changed bank details with a first-time, high-value transfer.

Protection Strategies

  • General consumers: Establish family passphrases for emergency requests, especially over video or voice. If anything feels off, call back using a known number.
  • Business owners: Require multi-person approval plus out-of-band verification for high-risk payments. Never authorize payments solely over video or chat.
  • Elderly users: If a loved one requests money in a video call, hang up and call a trusted phone number you already have. Do not act on the call itself.
  • Tech-savvy users: Validate video call integrity by asking the caller to perform spontaneous gestures, change lighting, or share on-screen, real-time proofs. Use anti-impersonation liveness checks in high-risk workflows.

Business Email Compromise (BEC)

Recent Cases and Financial Impact

BEC remains the most financially damaging online crime category tracked by the FBI IC3. In 2023, victims reported 2.9 billion dollars in losses from BEC alone, with a median transaction loss of 50,000 dollars (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf). These attacks often exploit vendor relationships and invoice fraud. The broader cost context is stark: the FBI recorded 12.5 billion dollars in total losses across all internet crimes in 2023, and BEC consistently sits at the top of that list (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf).

How This Scam Works

  • Credential theft: Criminals phish employee logins, then silently monitor inboxes.
  • Thread hijacking: They reply inside real email threads, altering invoices or bank details.
  • Timing: Requests land when approvers are traveling, at quarter-end, or during staff changes.
  • Payment reroute: Funds get wired to money mules or accounts controlled by the attackers.

Warning Signs

  • Slightly changed domains or display names; unexpected changes to vendor banking details.
  • Payment urgency paired with unusual secrecy or policy-bending.
  • Requests to use a new payee, new country, or split payments into multiple smaller transfers.

Protection Strategies

  • General consumers: When paying invoices for big purchases, call a known number to verify bank details before sending funds.
  • Business owners: Enforce out-of-band callbacks for any change in payment instructions; adopt DMARC, SPF, and DKIM; and deploy vendor risk checks in AP workflows.
  • Elderly users: Never change payment details based on an email alone. Confirm with a trusted phone number before sending money.
  • Tech-savvy users: Use conditional access, phishing-resistant MFA, and token-based auth for email. Monitor for impossible travel and anomalous forwarding rules.

Tech Support Fraud

Recent Cases and Financial Impact

Tech support scams surged to 924 million dollars in reported losses in 2023, with more than 19,000 complaints to the FBI IC3 (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf). Older adults are hit hardest: people aged 60 and over reported 3.4 billion dollars in total fraud losses in 2023 across all scam types, and they accounted for about 724 million dollars in losses from tech support fraud specifically (Sources: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf and https://www.ic3.gov/Media/PDF/AnnualReport/2023_Elder_Fraud_Report.pdf).

How This Scam Works

  • Bait: A pop-up claims your computer is infected and provides a number to call, or a cold caller pretends to be Microsoft or Apple.
  • Hook: The scammer urges you to install remote access tools to run a fake diagnosis.
  • Payment: They demand fees, gift cards, or bank transfers to fix imaginary problems.
  • Escalation: Some pivot to refund scams or steal banking credentials while connected.

Warning Signs

  • Unsolicited calls about viruses or account problems; tech giants do not cold-call you.
  • Pop-ups that lock the screen and demand urgent action or gift cards.
  • Requests to install remote access tools, VPNs, or to open your banking app.

Protection Strategies

  • General consumers: Close suspicious pop-ups with Task Manager or Force Quit. Never call numbers shown by pop-ups.
  • Business owners: Block known remote admin tools at the endpoint except for approved IT staff. Train employees to report suspicious pop-ups or calls.
  • Elderly users: Put a card near your computer that says: Do not call pop-up numbers; hang up on unsolicited tech calls; call a trusted relative first.
  • Tech-savvy users: Run application control and restrict remote tooling via allow-lists. Instrument EDR alerts for new remote access installs.

Cryptocurrency Investment Schemes and Wallet Draining

Recent Cases and Financial Impact

Investment scams were the top loss category for consumers in 2023 at 4.6 billion dollars, according to the FTC, with crypto-themed frauds dominating the narratives behind high-dollar losses (Source: https://www.ftc.gov/system/files/ftc_gov/pdf/ConsumerSentinel_DataBook_2023.pdf and FTC Data Spotlight pages). Chainalysis reported that overall on-chain scam revenue fell to about 5.9 billion dollars in 2023, down roughly 29 percent year-over-year, but sophisticated long-con operations such as pig butchering drove a large share of what remained (Source: https://blog.chainalysis.com/reports/2024-crypto-crime-report/). The FBI IC3 recorded 4.57 billion dollars in investment fraud losses in 2023, reinforcing the magnitude of the problem (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf).

How This Scam Works

  • Social engineering: Fraudsters cultivate trust via dating apps, WhatsApp, or social media.
  • Fake platforms: Victims are steered to convincing but fraudulent investment dashboards.
  • Initial wins: Early withdrawals are allowed to build confidence and increase deposits.
  • Exit: Accounts are frozen, more fees are demanded, and funds are ultimately drained or bridged out.
  • Wallet approval traps: Approval phishing tricks users into granting token allowances that let attackers drain wallets later.

Warning Signs

  • Pressure to move off a dating app to private messaging quickly; promises of guaranteed returns.
  • Requests to install unfamiliar trading apps or sideload APKs; dashboards without independent audits.
  • Being asked to pay taxes or fees upfront to withdraw your own funds.

Protection Strategies

  • General consumers: Verify platforms on independent sources. Never invest based on a stranger’s advice. Use hardware wallets and revoke unnecessary token approvals.
  • Business owners: For treasury or corporate crypto exposure, segregate duties, use multisig, and require policy-based approvals for on-chain movements.
  • Elderly users: If anyone you met online asks you to invest in crypto, stop and talk to a trusted family member or banker before sending money.
  • Tech-savvy users: Use allow-listing for dapps, check contract addresses, use transaction simulation tools, and routinely review and revoke token allowances.

Romance and Social Engineering Scams (Including Pig Butchering)

Recent Cases and Financial Impact

Romance scams continue to devastate victims financially and emotionally. FTC Data Spotlight reporting for 2023 indicates about 1.14 billion dollars in losses tied to romance fraud, with a median reported loss of around 4,400 dollars (Source: FTC Data Spotlight pages and https://www.ftc.gov/system/files/ftc_gov/pdf/ConsumerSentinel_DataBook_2023.pdf). These schemes often blend emotional manipulation with investment fraud, known as pig butchering. The FBI also tallies investment fraud losses at 4.57 billion dollars in 2023, many of which begin as social engineering (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf).

How This Scam Works

  • Approach: Scammers initiate contact through dating apps or misdialed-text pretexts.
  • Bonding: Weeks of conversation establish trust and dependence.
  • Financial pivot: The scammer proposes a sure-win opportunity, often crypto-related.
  • Extraction: The victim is guided into a fraudulent app or exchange and pressured to invest larger amounts.

Warning Signs

  • Reluctance to meet in person or live video; inconsistent details about work or travel.
  • Claims of special trading access, exclusive signals, or guaranteed returns.
  • Requests for secrecy and isolation from friends and family.

Protection Strategies

  • General consumers: Reverse-image-search profile photos, slow down financial decisions, and consult a friend before sending money.
  • Business owners: Include romance scam awareness in employee wellness communications, since off-hours financial stress can spill into workplace risk.
  • Elderly users: Set a personal rule: never send money or gift cards to people you have not met in person and verified with family.
  • Tech-savvy users: Use identity verification steps for any large financial request, including cross-channel checks and liveness verification.

Phishing Evolution: AI-Generated Emails, Smishing, Vishing, and QR Code Traps

Recent Cases and Financial Impact

Phishing remains the gateway to many major incidents, including BEC and ransomware. The Verizon DBIR has repeatedly found that the majority of breaches involve a human element such as phishing or stolen credentials, underscoring why phishing defenses matter as much as ever (Source: https://www.verizon.com/business/resources/reports/dbir/). The FBI warned in January 2024 about a surge in malicious QR codes used to redirect victims to credential phishing or payment fraud pages (Source: https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/qr-code-scams). Chainalysis reported ransomware revenue rebounded to roughly 1.1 billion dollars in 2023, showing how initial email or messaging compromises can escalate into costly extortion events (Source: https://blog.chainalysis.com/reports/2024-crypto-crime-report/).

How This Scam Works

  • Email: AI-spun emails mimic tone and style, and reply-chain attacks insert malicious links into real conversations.
  • SMS (smishing): Messages impersonate delivery firms, banks, or payroll portals, prompting credential capture or app installs.
  • Voice (vishing): Callers pose as IT, HR, or bank staff to harvest MFA codes or portal logins.
  • QR codes (quishing): Stickers on parking meters, invoices, or posters redirect to spoofed payment or login pages.

Warning Signs

  • Email domains that are off by a character, mismatched display names, or sudden urgency around payments or tax forms.
  • SMS links to URL shorteners or domains you have never used, plus requests to log in immediately.
  • Phone calls demanding MFA codes or remote access; legitimate staff will not ask for these.
  • QR codes placed over printed materials, or codes from unknown senders tied to payment instructions.

Protection Strategies

  • General consumers: Verify before you tap or click. Type known URLs directly. Use a password manager to auto-fill only on legitimate sites.
  • Business owners: Deploy phishing-resistant MFA (FIDO2), email authentication (DMARC, SPF, DKIM), and isolation for risky links.
  • Elderly users: Do not scan QR codes to pay bills unless you started the process yourself from a known website or app.
  • Tech-savvy users: Enforce conditional access, use domain-bound passkeys, quarantine first-contact domains, and instrument detections for lookalike domains.

Industry Expert Insights

Across recent public and private reports, three themes stand out. First, social engineering is still the common denominator: the Verizon DBIR continues to attribute a large share of breaches to the human element, reminding organizations to prioritize people, process, and usable controls (Source: https://www.verizon.com/business/resources/reports/dbir/). Second, AI is flattening the learning curve for criminals, enabling targeted spear-phishing and realistic deepfake scams at scale. Third, payments security and verification are the make-or-break layer: the FBI IC3 shows BEC median transaction losses at 50,000 dollars, so a single missed callback can negate years of security investment (Source: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf). For readers tracking online fraud trends and the latest phishing techniques in 2025, expect more cross-channel attacks that stitch together email, SMS, voice, and video, often culminating in crypto on-ramps for fast cash-out.

Immediate Action Steps

  • Enable phishing-resistant MFA everywhere possible: security keys or platform passkeys for email, banking, payroll, and work apps.
  • Set a do-not-pay rule: no urgent payments based solely on email, chat, or video. Always verify payee and bank details by calling a known number.
  • Use a password manager, unique passwords, and automatic updates on all devices.
  • Review and revoke crypto token allowances periodically; use hardware wallets for significant holdings.
  • Train and test: run quarterly phishing simulations and BEC drills that include deepfake scenarios.
  • For older adults: pre-write a short checklist near your phone and computer that reminds you to hang up unsolicited calls and call a trusted relative.
  • For businesses: turn on DMARC enforcement, monitor vendor changes, and require dual approval plus out-of-band callbacks for all bank detail changes.

Conclusion

Tech scams are evolving fast, but your defenses can move faster. This 2025 guide to tech scams outlines the highest-impact threats—deepfake scams, business email compromise, tech support fraud, crypto schemes, and the latest phishing techniques—and how to stop them. Start today: require out-of-band verification for payments, adopt phishing-resistant MFA, and practice the response muscle memory you will need when an urgent message hits your inbox or phone. Share this guide with your team and family so everyone knows exactly how to protect your wallet and your business when it matters most.

Related Posts