Technology

New Tech Scams 2025: Deepfakes, BEC, Crypto Cons

New Tech Scams 2025: Deepfakes, BEC, Crypto Cons

New Tech Scams of 2025: Deepfakes, BEC, and Crypto Cons You Need to See to Believe

Editor’s note: Statistics and case studies are cited with publication dates and authoritative sources. Where 2025 data is pending public release, the most recent verified figures (2023–2024) are used and clearly labeled. We recommend updating this piece as new FBI/FTC reports are published.

Online fraud is evolving faster than most defenses. The FBI’s Internet Crime Complaint Center (IC3) reported a record $12.5 billion in victim losses in 2023 across 880,418 complaints—driven by Business Email Compromise (BEC), investment scams, and tech support fraud (FBI IC3 2023). Meanwhile, the FTC says consumers reported nearly $10 billion in losses in 2023 alone (FTC, Feb 2024). In early 2024, a multinational firm in Hong Kong lost roughly $25 million after employees were tricked by deepfake video calls impersonating executives—a chilling preview of how AI is supercharging old scams with convincing new disguises.

AI Deepfake Scams

Recent Cases and Financial Impact

– In early 2024, Hong Kong police reported a finance worker was duped into wiring approximately $25 million after a video conference populated by deepfaked colleagues approved the transfer (widely reported; see BBC/CNN coverage).
– The FBI has warned that fraudsters are using AI to create synthetic identities and hijack video/voice channels to authorize fraudulent payments and bypass identity checks (FBI advisories, 2023–2024).
– Verizon’s 2024 DBIR highlights that the “human element” is involved in 68% of breaches—deepfakes amplify social engineering by making fraudulent requests eerily realistic (Verizon DBIR 2024).

How This Scam Works

  • Recon: Attackers scrape executive photos, speeches, and public calls to train voice and face models.
  • Pretext: Targets receive a “urgent” video meeting invite or voice call from a spoofed executive or vendor.
  • Pressure: The impostor demands secrecy and speed for wire or crypto transfers, citing M&A or tax deadlines.
  • Validation bypass: The realistic video/voice convinces staff to skip out-of-band verification.
  • Cash-out: Funds move to money mule accounts or crypto mixers, disappearing in minutes.

Warning Signs

  • Slight lip-sync delays, unnatural blinking, or compressed audio artifacts during calls.
  • Unusual secrecy instructions or requests to bypass standard approval workflows.
  • New payment coordinates for a long-standing vendor without a signed change order.
  • Executive “traveling” and demanding urgent, large transfers outside business hours.

Protection Strategies

  • Mandate out-of-band verification (phone/SMS to a known number) for any payment or bank change approvals over a set threshold.
  • Adopt call-back passphrases known only to the payer and approver for high-risk transactions.
  • Use liveness checks and challenge questions in video calls (ask about non-public details).
  • Deploy deepfake detection tools in conferencing and KYC workflows; log and review anomalies.
  • Run quarterly social engineering drills that specifically simulate deepfake calls.

Business Email Compromise (CEO/Vendor Impersonation)

Recent Cases and Financial Impact

– BEC remains one of the costliest cyber-enabled crimes: IC3 recorded approximately $2.9 billion in reported BEC losses in 2023 (FBI IC3 2023).
– Verizon DBIR 2024 reports the median BEC transaction at about $50,000 and shows that social engineering (including pretexting) continues to dominate business-targeted scams (Verizon DBIR 2024).

How This Scam Works

  • Compromise or spoof: Attackers steal credentials through phishing or register lookalike domains (e.g., substituting rn for m).
  • Thread hijack: Criminals insert themselves into active vendor/customer email threads with urgent payment changes.
  • Invoice swap: The attacker sends “updated” banking details with convincing attachments and signatures.
  • Money mule network: Funds are quickly relayed across accounts and jurisdictions.

Warning Signs

  • Bank detail changes delivered by email without a signed vendor master data change form.
  • Slightly altered domains (ex: acme.co vs. acme.com) or reply-to changes.
  • Invoices with mismatched fonts, formatting, or unexpected line items.
  • Unusual payment urgency (quarter-end rush, threatened contract penalties).

Protection Strategies

  • Require two-person approvals plus out-of-band verification for all payment or bank detail changes.
  • Enable DMARC, SPF, and DKIM enforcement; quarantine or reject unauthenticated mail.
  • Use mailbox intelligence to flag lookalike domains and unusual payment requests.
  • Lock down vendor master data changes behind role-based access and workflow.
  • Adopt just-in-time payment holds (e.g., 24 hours) for first-time beneficiaries.

Tech Support Fraud

Recent Cases and Financial Impact

– IC3 reports tech support fraud accounted for roughly $1.3 billion in reported losses in 2023 across about 37,000 victims, with older adults disproportionately affected (FBI IC3 2023).
– The FBI’s Elder Fraud Report indicates people over 60 suffered approximately $3.4 billion in losses in 2023, with a median loss of about $17,000 (FBI IC3 Elder Fraud 2023).

How This Scam Works

  • Pop-up scareware: Fake antivirus warnings urge immediate calls to “Microsoft/Apple” support.
  • Cold calls: Scammers claim your bank account is compromised and demand remote access.
  • Refund hustle: They “accidentally” over-refund, then pressure victims to return money via gift cards or wire.
  • Account draining: With remote tools installed, they move money or plant persistence for later theft.

Warning Signs

  • Unsolicited calls about security problems or “refunds you’re owed.”
  • Requests to install remote tools (AnyDesk, TeamViewer) or to buy gift cards.
  • Pop-ups that lock the browser and list a phone number to call.
  • Pressure to keep the call secret or to act immediately.

Protection Strategies

  • Never call phone numbers shown in pop-ups; close the browser and run your own security scan.
  • Set bank alerts for wire transfers, Zelle, and large withdrawals; place transaction holds for new payees.
  • Use a separate, low-limit account for Zelle/ACH; disable overdraft for that account.
  • For families: enable screen time/parental controls and add a safe contact list for support calls.

Cryptocurrency Schemes (Fake Platforms, Drainers, Rug Pulls)

Recent Cases and Financial Impact

– Investment fraud was the largest loss category to IC3 in 2023, at about $4.57 billion—much of it crypto-related (FBI IC3 2023).
– The FTC continues to warn that social-media-initiated crypto investment scams lead to outsized losses with high median loss amounts (FTC, 2024).
– Chainalysis reported that while some illicit crypto revenues declined in 2023, investment and romance-investment scams remain persistent and lucrative (Chainalysis Crypto Crime Report 2024).

How This Scam Works

  • On-ramp grooming: Scammers build rapport on social media or dating apps, then introduce a “mentor” or “platform.”
  • Fake gains: Victims see fabricated dashboards showing profits to encourage larger deposits.
  • Exit wall: Withdrawals are blocked with “tax” or “verification” fees; the site vanishes.
  • Wallet drainers: Malicious smart contracts or approvals empty wallets after a single click.

Warning Signs

  • Pressure to move funds off reputable exchanges to little-known sites.
  • Demands to pay “taxes” upfront to unlock withdrawals.
  • Unverified token listings, anonymous teams, or plagiarized whitepapers.
  • Requests to sign unlimited token approvals or to import “profit” wallets.

Protection Strategies

  • Use reputable exchanges; verify platforms via independent reviews and official listings.
  • Cold-store long-term assets; keep daily-spend funds in a separate “hot” wallet with low limits.
  • Use wallet firewalls/transaction simulators; regularly revoke token approvals.
  • Never pay “taxes” or “fees” to withdraw from a platform you can’t independently verify.

Romance and Social Engineering (Pig-Butchering)

Recent Cases and Financial Impact

– The FTC reports that romance scams remain among the highest median-loss categories, consistently yielding large individual losses (FTC, 2024).
– IC3 highlights that investment scams—often pig-butchering variants—were the highest-loss category in 2023 at about $4.57 billion (FBI IC3 2023).

How This Scam Works

  • Long con: Scammers cultivate trust over weeks or months with daily chats and calls.
  • Credibility theater: They share screenshots of “their” trading successes and introduce “advisors.”
  • Hook and escalate: Small initial profit, then pressure to “go big” for limited-time opportunities.
  • Isolation and secrecy: They tell victims not to consult friends/family or bank staff.

Warning Signs

  • Romantic interest quickly steering conversations to investments or crypto.
  • Claims of guaranteed returns, VIP access, or “no risk” opportunities.
  • Refusal to meet in person or inconsistencies around travel/work schedules.

Protection Strategies

  • Use image/video search to check for reused photos or AI-generated profiles.
  • Never move money based on advice from someone you have not met and verified in real life.
  • Set a personal “cooling-off” rule: wait 48 hours before any investment transfer.
  • Ask banks to add “tell-me” flags to discuss risks when large or unusual transfers are initiated.

Phishing Evolution (AI-Generated Emails, Smishing, Vishing)

Recent Cases and Financial Impact

– Phishing remains the most reported crime type to IC3 by volume, driving credential theft and account takeovers that lead to downstream fraud (FBI IC3 2023).
– Verizon DBIR 2024 emphasizes that social engineering—including phishing, smishing, and vishing—continues to be a primary entry point, with the human element implicated in 68% of breaches (Verizon DBIR 2024).

How This Scam Works

  • AI-polished lures: Attackers generate fluent, typo-free emails tailored to your company’s tone and vendors.
  • Multi-channel pivot: A text or voice call follows the email to reinforce urgency and legitimacy.
  • Session hijack: Stolen credentials enable MFA fatigue attacks or OAuth consent grants.

Warning Signs

  • Unexpected password reset or invoice links—even when well-written.
  • Texts that claim package issues, payroll errors, or benefits changes and include a shortened URL.
  • Phone calls that push you to read back MFA codes or approve a push notification.

Protection Strategies

  • Use phishing-resistant MFA (FIDO2 security keys or passkeys) for email, payroll, and admin tools.
  • Turn on URL rewriting/sandboxing and banner warnings for external senders.
  • Train on “trust but verify”: hover to preview URLs, and verify requests via a second channel.
  • Use password managers to auto-fill only on legitimate domains—this passively detects lookalikes.

Industry Expert Insights

– FBI and FTC data show that losses are concentrating in a few categories (BEC, investment/crypto, tech support), indicating that focused controls can dramatically reduce exposure (FBI IC3 2023; FTC 2024).
– Verizon DBIR 2024 underscores that controls addressing the human element—phishing-resistant MFA, approval workflows, and out-of-band verification—deliver outsized risk reduction relative to cost.
– Chainalysis notes that while some crypto crime segments fluctuate with markets, scam operators are professionalizing onboarding (slick UX, 24/7 chat, fake compliance). Prevention must assume “legitimate-seeming” experiences are still fraudulent.

Immediate Action Steps

  • General Consumers: Turn on bank and card alerts for wires, Zelle, and international transactions; enable account lock and transaction PINs in mobile apps.
  • Business Owners: Require out-of-band verification for all vendor bank changes; implement DMARC enforcement and phishing-resistant MFA for finance and exec mailboxes.
  • Elderly Users and Caregivers: Create a “support safe list” of trusted phone numbers; agree on a family passphrase; instruct banks to require in-branch verification for large outgoing wires.
  • Tech-Savvy Users: Use hardware security keys, password managers, and network-level DNS filtering; enable email rules monitoring and OAuth app review alerts.
  • Everyone: Practice a 24–48 hour pause before large transfers triggered by unsolicited calls, texts, or DMs—then verify with a known contact route.

Conclusion

Scammers are not merely sending bad emails anymore—they are staging live, AI-enhanced theater to separate you from your money. The good news: a short list of habits and controls stops the vast majority of losses. Build out-of-band checks into every payment, adopt phishing-resistant MFA, and slow down the money. If a voice or video can be faked, your verification must live on a different channel. Share this playbook with your family and finance team today—and make your next attempted scam a non-event.

Sourcing and Publication Dates (for verification)
– FBI IC3 Internet Crime Report 2023 (published 2024): $12.5B losses; BEC ~$2.9B; investment fraud ~$4.57B; tech support fraud ~$1.3B; top complaint types.
– FBI IC3 Elder Fraud Report 2023 (published 2024): ~$3.4B losses for 60+; median loss ~$17,000.
– FTC Press Release (Feb 2024): consumers reported nearly $10B in 2023 losses; imposter scams prevalent.
– Verizon 2024 Data Breach Investigations Report: human element in 68% of breaches; median BEC ~$50,000; social engineering trends.
– Chainalysis Crypto Crime Report 2024: evolving crypto scam ecosystems, investment scams remain significant.

Related Posts