Technology

2025 Tech Scams: Deepfakes, BEC, Crypto Cons, and How to Stop Them

2025 Tech Scams: Deepfakes, BEC, Crypto Cons, and How to Stop Them

2025 Tech Scams: Deepfakes, BEC, Crypto Cons, and How to Stop Them

Online fraud losses are shattering records. The FTC reports consumers lost nearly $10 billion in 2023 alone, with almost 2.6 million fraud reports filed (FTC Consumer Sentinel, Feb 2024). The FBI’s Internet Crime Complaint Center (IC3) tracked over 880,000 complaints and $12.5 billion in reported losses in 2023, led by Business Email Compromise (BEC) and investment scams tied to cryptocurrency (FBI IC3 2023). At the same time, ransomware payments surpassed $1 billion for the first time (Chainalysis, 2024). Below is your up-to-date field guide to the top scams hitting consumers and businesses—and the precise steps to block them.

AI Deepfake Scams

Recent Cases and Financial Impact

– In one of the most dramatic cases, a Hong Kong finance worker was fooled by a deepfake video conference impersonating a CFO and colleagues, transferring roughly $25 million (BBC, Feb 2024).
– Verizon’s Data Breach Investigations Report has long warned about the human element in breaches; a large share of successful attacks begin with social engineering that AI now supercharges (Verizon DBIR, 2023–2024).
– Scammers are increasingly using cloned voices and synthetic video to request urgent payments, change direct deposit details, or extract sensitive access codes.

How This Scam Works

  • Recon: Criminals scrape LinkedIn, corporate sites, and social media for executive footage and voice samples.
  • Clone: AI tools generate convincing voice calls or video of a known leader (e.g., CFO/CEO).
  • Urgency: A sudden, confidential request appears via video call or voicemail (e.g., wire funds to a “new vendor”).
  • Isolation: The scammer insists on secrecy and blocks normal approval paths.
  • Extraction: Funds or credentials are transferred to mule accounts; money is quickly layered and withdrawn.

Warning Signs

  • Unscheduled video calls with unusual camera angles, awkward lip-sync, or audio lag.
  • Leaders requesting payment method changes or secrecy outside standard policy.
  • Inability to verify caller identity through a known, separate channel.
  • Generic or slightly distorted voices, odd phrasing, or refusal to turn the camera on.

Protection Strategies

  • Consumers: Use callback verification. If a “bank” or “relative” calls, hang up and call the official number you already have.
  • Business owners: Enforce multi-person approval and call-back verification for any payment changes, even when requests appear on video.
  • Elderly users: Never act on urgent money requests from phone/video alone; contact a trusted family member first.
  • Tech-savvy users: Deploy liveness checks, anti-spoof prompts, and require a pre-shared code word for executive approvals.

Business Email Compromise (BEC)

Recent Cases and Financial Impact

– BEC remained one of the costliest cybercrimes in 2023 with an estimated $2.9 billion in losses (FBI IC3 2023).
– Overall 2023 losses tracked by IC3 reached $12.5 billion across 880,000+ complaints, with BEC a leading driver (FBI IC3 2023).
– Vendor email compromise (a subset of BEC) continues to rise, exploiting legitimate invoice threads to divert payments.

How This Scam Works

  • Account takeover: Attackers phish a mailbox or register a lookalike domain.
  • Thread hijack: Criminals reply inside real email threads, altering invoices or banking details.
  • Timing: Requests land right before payroll or vendor payment runs, leveraging urgency.
  • Payment redirection: Finance sends funds to a newly “updated” account controlled by the attacker.

Warning Signs

  • Last-minute bank detail changes, especially with secrecy or urgency.
  • Subtle domain typos (e.g., rn vs. m), or newly added forwarding rules.
  • Invoicing that breaks your normal billing cadence or references unknown POs.

Protection Strategies

  • Consumers: For large transfers (home closing, tuition), verify account details with a known number—never the number in the email.
  • Business owners: Enforce vendor callback verification and approval workflows for any payment or banking change.
  • Elderly users: Ask a trusted caregiver to double-check any wire request or bank change instructions.
  • Tech-savvy users: Enable DMARC/DKIM/SPF, conditional access, MFA phishing-resistant methods (FIDO/WebAuthn), and anomaly detection for inbox rules and geo-velocity logins.

Tech Support Fraud

Recent Cases and Financial Impact

– Tech support schemes remain a persistent threat, heavily targeting older adults, with losses in the hundreds of millions annually per federal reporting (FBI IC3; FTC Sentinel).
– The FTC said consumers reported nearly $10 billion lost to fraud in 2023 overall, with imposter scams (including “tech support”) among the most reported categories (FTC, Feb 2024).

How This Scam Works

  • Pop-up or call: A fake Microsoft/Apple alert claims your device is infected.
  • Pressure: The “agent” urges you to call immediately or face account lockout.
  • Remote access: Scammers push AnyDesk/TeamViewer, then plant bogus “evidence.”
  • Payment: Victims are told to buy gift cards, send wires, or move money to “secure” accounts.

Warning Signs

  • Unsolicited calls claiming to be from Microsoft/Apple/your bank.
  • Pop-ups that freeze the browser and include a phone number.
  • Demands for immediate payment via gift cards or crypto.

Protection Strategies

  • Consumers: Close the browser tab. Never call numbers in pop-ups; use official support sites.
  • Business owners: Block remote admin tools by policy; require IT tickets for remote sessions.
  • Elderly users: Keep a “trusted help” phone list on the fridge; call family before anyone else.
  • Tech-savvy users: Enforce application control, EDR, and DNS filtering to block malvertising and remote admin installers.

Cryptocurrency Schemes

Recent Cases and Financial Impact

– Investment fraud resulted in about $4.57 billion in losses in 2023, much of it crypto-related (FBI IC3 2023).
– Ransomware payments exceeded $1 billion in 2023—the highest ever recorded (Chainalysis 2024).
– Pig-butchering (romance-investment hybrids) continues to drive major crypto losses reported to the FBI and FTC.

How This Scam Works

  • Approach: A contact appears on social media, SMS, or dating apps with a friendly pretext.
  • Grooming: Weeks of rapport-building before introducing a crypto “opportunity.”
  • Demo platform: Victim is steered to a slick but fake trading site showing fabricated gains.
  • Extraction: Larger deposits are encouraged; withdrawals are blocked with “fees/taxes.”

Warning Signs

  • Promises of guaranteed or “no-risk” high returns.
  • Pressure to move money to a new exchange or wallet you didn’t choose.
  • Platforms that won’t allow test withdrawals.

Protection Strategies

  • Consumers: Verify any platform with third-party reviews and regulator warnings (FTC/SEC/FINRA). Start with a $5 test withdrawal.
  • Business owners: Lock down corporate wallets with hardware keys and multisig; restrict who can initiate transfers.
  • Elderly users: Never invest based on a new online “friend.” Discuss with a trusted family member or financial advisor.
  • Tech-savvy users: Enable address allowlists, transaction alerts, and separate hot vs. cold wallets. Monitor for drainer scripts and revoke risky approvals.

Romance and Social Engineering (“Pig Butchering”)

Recent Cases and Financial Impact

– The FTC and FBI consistently rank romance and imposter scams among the costliest categories, with reported losses in the billions annually (FTC Sentinel; FBI IC3 2023).
– Many crypto investment losses originate in romance-style grooming on messaging apps and dating sites (IC3 2023; Chainalysis 2024).

How This Scam Works

  • Identity: Scammers use attractive, stolen photos and plausible careers.
  • Hook: They mirror interests and daily routines to gain trust.
  • Pivot: After rapport, they introduce a “mentor” or platform, pushing progressively larger investments.
  • Control: They isolate victims from family and urge secrecy.

Warning Signs

  • Refusal to video chat or meet, or suspicious, low-quality video calls.
  • Requests for money, gift cards, or crypto, especially “urgent opportunities.”
  • Inconsistencies in background stories or time zones.

Protection Strategies

  • Consumers: Reverse image search profile photos; never invest with someone you haven’t met and verified.
  • Business owners: Offer employee education on social engineering and safe dating-app practices, especially for staff with financial roles.
  • Elderly users: Discuss any new online relationship with a family member; set a personal rule: never send money to online-only acquaintances.
  • Tech-savvy users: Harden privacy on social apps, use alias emails/VOIP numbers, and enable content authentication tools when possible.

Phishing Evolution: Email, Smishing, and Vishing

Recent Cases and Financial Impact

– Phishing remains the most common initial access vector for many incidents; the FBI attributes billions in losses to downstream crimes like BEC and investment fraud (FBI IC3 2023).
– Proofpoint’s State of the Phish 2024 reports a high share of organizations experiencing successful email-based attacks in 2023, underscoring the ongoing risk.

How This Scam Works

  • Email: AI-written messages mimic tone and branding, evading traditional filters.
  • SMS (Smishing): Fake delivery/bank alerts with malicious short links.
  • Voice (Vishing): Call-center scripts pressure targets to “verify” credentials or approve transactions.
  • QRishing: QR codes hide malicious URLs that bypass desktop protections.

Warning Signs

  • Mismatched domains, unexpected attachments, or login prompts after a link.
  • Requests to bypass MFA with one-time links or “temporary codes.”
  • Urgent account lockout warnings—especially after-hours.

Protection Strategies

  • Consumers: Type addresses directly instead of clicking links; use a password manager and phishing-resistant MFA.
  • Business owners: Deploy advanced email security (DMARC enforcement, behavioral AI), conditional access, and just-in-time least privilege.
  • Elderly users: Ignore texts from unknown numbers and call your bank using the number on your card.
  • Tech-savvy users: Turn on security keys (FIDO2), implement sender authentication, and monitor for QR code abuse via MDM policies.

Industry Expert Insights

– Scale of losses: Consumers reported nearly $10 billion lost in 2023 (FTC), while IC3 saw $12.5 billion in adjusted losses—the gap reflects differing data scopes and reporting channels.
– Concentration of risk: BEC ($2.9B) and investment scams (~$4.57B) accounted for a large portion of losses (FBI IC3 2023).
– Human factor: Social engineering remains central. Verizon’s DBIR has repeatedly shown the majority of breaches involve a human element, a trend amplified by AI-aided phishing and deepfakes.
– Crypto crime bifurcation: Chainalysis shows overall scamming fluctuating while ransomware payments hit a new record (> $1B in 2023).
– Executive impersonation goes visual: The Hong Kong deepfake CFO heist demonstrates that “video does not equal verification.” Organizations must build culture and controls that assume audio/video can be forged.

Immediate Action Steps

  • All readers: Freeze your credit, enable account alerts, and turn on phishing-resistant MFA (security keys) for email, bank, and brokerage accounts.
  • Consumers: Use call-back verification for any money request. Install a reputable DNS-filtering or safe-browsing extension and keep automatic updates on.
  • Business owners: Enforce payment-change callbacks, dual approval for wires/ACH, DMARC p=reject, phishing-resistant MFA, privileged access management, and quarterly BEC/deepfake tabletop exercises.
  • Elderly users: Create a “trusted contacts” card with family and bank numbers; never call numbers from pop-ups. Ask a family member to review any investment pitch.
  • Tech-savvy users: Hardware security keys, passkeys, password manager, device isolation (separate admin/user), and dedicated devices for finances. Regularly revoke third-party OAuth app access.
  • Report fast: If you sent money—immediately contact your bank, report to IC3.gov and FTC.gov, and notify the platform (exchange/wallet/app). Rapid reporting can sometimes claw back funds.

Conclusion

Today’s fraudsters use CEO lookalikes on video calls, hijack real email threads, and lure victims into polished fake crypto platforms. But their success still hinges on urgency and secrecy. Replace both with process and verification. Build call-back culture, lock down payments with multi-person checks, and turn on phishing-resistant MFA everywhere. If something feels off—even on a live video—stop and verify on a trusted line. That single step can save your family or company millions.

Related Posts