2025’s Most Dangerous Tech Scams: Deepfakes, BEC, Crypto Cons, Tech Support Grifts, and Smarter Phishing
Note on data freshness: This article cites authoritative sources with the latest figures available to this writer at time of drafting (through late 2024). Where possible, we link to live dashboards and annual reports so editors can replace figures with the newest releases before publication.
In early 2024, the FTC reported that U.S. consumers lost nearly $10 billion in 2023—a record year—while the FBI’s IC3 tallied $12.5 billion in losses across 880,418 complaints in 2023. In one widely reported case from February 2024, a finance worker in Hong Kong was duped by a deepfake video conference into wiring about $25 million to criminals—illustrating how quickly AI-powered fraud has moved from theory to boardrooms.
AI Deepfake Scams (celebrity impersonation, fake video calls)
Recent Cases and Financial Impact
– Hong Kong deepfake heist (2024): An employee transferred approximately $25 million after joining a video call where every participant, including the “CFO,” was a deepfake impostor (CNN, Feb 2024).
– Macro impact: While comprehensive global loss data for deepfakes is still emerging, adjacent categories show explosive growth: the FBI’s IC3 logged $12.5B in total cyber-enabled losses in 2023, with Business Email Compromise (often aided by synthetic media) accounting for $2.9B.
How This Scam Works
- Recon: Criminals harvest public videos/voice clips (social media, earnings calls, interviews).
- Clone: They create voice and video models to convincingly impersonate executives, celebrities, or loved ones.
- Set the stage: Urgent scenarios (M&A secrecy, tax deadlines, vendor emergencies) are used to suppress scrutiny.
- Execute: Targets are pulled into a “private” video call or receive an urgent voicemail to approve a high-value payment, share MFA codes, or hand over sensitive files.
- Cash out: Funds are routed through money mules and crypto mixers to obfuscate origin.
Warning Signs
- Unusual payment urgency combined with secrecy (“Don’t tell finance yet”).
- Subtle audio/video anomalies (lip-sync mismatches, unnatural blinking, awkward lighting).
- New bank accounts or beneficiary details from a familiar “executive.”
- Requests to move conversations off official channels (from company email to personal messaging apps).
Protection Strategies
- Consumers: Establish a family “code word” for financial requests and verify via a known callback number.
- Business owners: Enforce out-of-band verification for payments over a threshold; require dual approval with a known-number voice callback.
- Elderly users: Ask a trusted caregiver to verify any urgent money request via a separate call using a phone number you already have.
- Tech-savvy users: Use liveness checks (unique gestures, randomized prompts), and require meeting organizers to show real-time screen shares or signed meeting invites.
Business Email Compromise (CEO fraud, vendor impersonation)
Recent Cases and Financial Impact
– FBI IC3 (2023): BEC schemes accounted for $2.9 billion in adjusted losses, remaining the costliest cybercrime category.
– Complaint volume: Across all crime types, IC3 received 880,418 complaints in 2023; BEC continues to drive a disproportionate share of total dollar losses.
– Median transaction size: Industry reporting indicates BEC often results in five- to six-figure losses per incident, with invoice fraud and payroll diversion among the most common variants (see Verizon DBIR/IC3 patterns).
How This Scam Works
- Account takeover or lookalike domains are used to hijack real conversations with vendors or customers.
- Attackers inject revised banking details on legitimate invoices or create urgent executive payment orders.
- Victims pay the “updated” invoice to the criminal’s account, often offshore.
Warning Signs
- Invoice banking changes without a formal, signed notice from a known contact.
- New or unusual urgency from executives, especially during travel or off-hours.
- Minor domain misspellings or reply-to email mismatches.
Protection Strategies
- Consumers: Double-check seller payment details on marketplaces; use platform escrow when available.
- Business owners: Implement supplier-of-record change controls and call-back verification to a pre-validated phone number before changing payment details.
- Elderly users: If you receive a request involving bank changes, call the company using a number from an old invoice or official website.
- Tech-savvy users: Enforce DMARC/DKIM/SPF, deploy VIP impersonation detection, and use secure email gateways with anomaly detection.
Tech Support Fraud (fake Microsoft/Apple calls, remote access)
Recent Cases and Financial Impact
– FBI IC3: Tech support fraud continues to heavily impact older adults; the FBI’s Elder Fraud report shows victims 60+ lost approximately $3.4 billion in 2023 across all crimes, with tech support imposters a major driver.
– Trend: Scammers increasingly send pop-up browser “alerts” that mimic Windows/macOS security messages, pressuring users to call “support.”
How This Scam Works
- Pop-up or cold call claims your device is infected or your bank account is at risk.
- Scammer requests remote access via popular tools and “discovers” fake problems.
- They ask for payment, gift cards, or bank transfers and may install real malware.
Warning Signs
- Unsolicited calls claiming to be from Microsoft, Apple, or your bank’s “security department.”
- Demands for gift cards, crypto, or wire transfers to “secure” your account.
- Pressure to keep the call secret and act immediately.
Protection Strategies
- Consumers: Never call numbers from pop-up alerts; close the browser and contact the company via its official site.
- Business owners: Lock down remote admin tools; block unsigned executables; provide a staffed helpdesk number employees can trust.
- Elderly users: Keep a trusted family member’s number handy; if pressured, hang up and call them before doing anything.
- Tech-savvy users: Use application allow-listing, restrict remote tools, and deploy EDR that flags unauthorized remote sessions.
Cryptocurrency Schemes (fake investment platforms, crypto draining)
Recent Cases and Financial Impact
– FBI IC3 (2023): Investment fraud reported losses hit about $4.57 billion, the top loss category; crypto-related investment fraud represented a substantial share (multi-billion dollars).
– Chainalysis (2024): Ransomware revenue rebounded to surpass $1 billion in 2023, reflecting a broader resurgence in wallet-draining and extortion tactics that intersect with crypto laundering lanes.
How This Scam Works
- Fraudsters build slick “investment” sites with fabricated dashboards and testimonials.
- They groom victims via social apps or messaging, promising guaranteed returns.
- Initial withdrawals are allowed to build trust before large deposits are “blocked” behind fake taxes/fees.
- Crypto drainers/phishing kits steal seed phrases, enabling immediate wallet emptying.
Warning Signs
- Guaranteed returns, time-limited “VIP tiers,” and pressure to recruit others.
- Being asked to move funds to a new platform to “unlock” profits.
- Requests for your seed phrase, private key, or remote access to your wallet.
Protection Strategies
- Consumers: Use hardware wallets; never share seed phrases; test withdrawals with small amounts first.
- Business owners: Restrict corporate crypto access with multi-sig and role-based controls; maintain incident response for wallet compromise.
- Elderly users: Avoid unsolicited investment pitches on social media or messaging apps; talk to a trusted family member or advisor first.
- Tech-savvy users: Verify smart contract and domain provenance; use phishing-resistant FIDO2 security keys on exchanges; monitor on-chain approvals and revoke as needed.
Romance/Social Engineering (dating app fraud, pig butchering)
Recent Cases and Financial Impact
– FTC (2023): Romance scams remained among the costliest fraud types, with reported losses in the billions over recent years; many victims are first contacted via social media or dating apps.
– IC3 (2023): Social engineering remains a top vector behind high-impact financial crimes, including investment and BEC frauds.
How This Scam Works
- Scammers create convincing personas and build months-long trust (“pig-butchering”).
- They pivot to “coaching” victims into crypto or FX “trades” on fake platforms.
- Small early gains are shown; larger deposits are then frozen behind fake fees.
Warning Signs
- Reluctance to meet in person or on live video; stories that conveniently avoid verifiable details.
- Insistence that you keep the relationship — and investments — secret.
- Unsolicited “expert” trading advice and screenshots of huge profits.
Protection Strategies
- Consumers: Reverse-image search profile photos; never invest based on a new romantic contact’s advice.
- Business owners: Provide employee awareness training on social engineering and off-platform investment pitches.
- Elderly users: Consult a trusted friend/family member before sending money to someone you met online.
- Tech-savvy users: Use burner identities for initial chats; verify platform domains via WHOIS, TLS, and third-party reputation.
Phishing Evolution (AI-generated emails, smishing, vishing)
Recent Cases and Financial Impact
– APWG (2023): Recorded about 4.7 million phishing attacks in 2023, the worst year on record.
– IC3 (2023): Phishing remains the most reported crime category by volume each year, acting as the entry point for credential theft, BEC, and ransomware.
How This Scam Works
- AI tools generate polished spear-phish at scale, tailored to roles and seasons (tax, payroll, shipping).
- Smishing (SMS) and vishing (voice) bypass email defenses to capture MFA codes or exploit push-approval fatigue.
- Adversary-in-the-middle (AitM) kits steal tokens to defeat MFA and session-bound protections.
Warning Signs
- Unexpected password reset emails or SMS codes you didn’t request.
- Lookalike domains and links that resolve to IP addresses or URL shorteners.
- Requests to approve push notifications repeatedly (“MFA fatigue”).
Protection Strategies
- Consumers: Use a password manager; enable phishing-resistant MFA (security keys) on critical accounts.
- Business owners: Deploy inbound email authentication (DMARC/DKIM/SPF), advanced phishing detection, and conditional access policies.
- Elderly users: Avoid clicking links in unsolicited texts; call your bank using the number on the back of your card.
- Tech-savvy users: Prefer FIDO2 security keys; monitor SSO logs for unusual devices, unexpected geolocations, and impossible-travel anomalies.
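Impossible-travel monitoring of SSO logs, as recommended in the last item, comes down to comparing consecutive sign-ins per user against a plausible travel speed. This is an added example, not taken from the article's sources; the event layout, the 900 km/h ceiling, the 50 km jitter floor and the sample events are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900   # assumption: anything faster than a commercial flight is implausible
MIN_KM = 50     # assumption: ignore small moves caused by geo-IP jitter

# Constructed sign-in events: (user, UTC timestamp, latitude, longitude, device id)
EVENTS = [
    ("alice", "2024-03-01T08:00:00", 51.5074, -0.1278, "laptop-1"),    # London
    ("alice", "2024-03-01T09:00:00", 40.7128, -74.0060, "unknown-7"),  # New York
    ("bob",   "2024-03-01T08:00:00", 48.8566, 2.3522, "laptop-2"),     # Paris
    ("bob",   "2024-03-01T12:00:00", 51.5074, -0.1278, "laptop-2"),    # London
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = p2 - p1, radians(lon2 - lon1)
    h = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return (user, earlier_ts, later_ts, km, new_device) for implausible sign-in pairs."""
    alerts, last, seen_devices = [], {}, {}
    for user, ts, lat, lon, device in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        # A device never seen for this user raises the priority of any alert.
        new_device = device not in seen_devices.setdefault(user, set())
        seen_devices[user].add(device)
        if user in last:
            p_when, p_ts, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous sign-ins far apart (hours == 0) are also flagged.
            if km > MIN_KM and (hours <= 0 or km / hours > max_kmh):
                alerts.append((user, p_ts, ts, round(km), new_device))
        last[user] = (when, ts, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

Corporate VPN egress points and mobile carrier gateways produce false positives here, so known egress locations should be excluded before alerting.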
Industry Expert Insights
– Human layer remains decisive: Major breach studies consistently show the human element drives the majority of breaches and high-dollar fraud, making security culture and process controls as critical as technology.
– AI is an amplifier: LLMs and generative tools have lowered the cost and skill needed to craft convincing pretexts, while voice/video synthesis enables plausible real-time imposture.
– Payments are the choke point: Tighter payment verification and bank-to-bank recovery playbooks are the most effective loss reducers for BEC and deepfake-driven heists.
– Crypto hygiene matters: Multi-sig, hardware wallets, and on-chain approval management blunt modern wallet-drainer and investment fraud kits.
Immediate Action Steps
- Set a company-wide policy: No payment or banking changes without verified call-backs to pre-approved numbers and dual approval.
- Switch critical accounts to phishing-resistant MFA (FIDO2 security keys) and disable SMS where possible.
- Enable DMARC enforcement and VIP impersonation alerts; monitor supplier domain changes.
- For families and seniors: Create a shared code word for any money request and agree to verify via a second channel every time.
- Use a password manager, unique passwords, and automatic software updates across all devices.
- Crypto users: Store long-term assets in hardware wallets; never share seed phrases; regularly revoke on-chain approvals.
- Practice incident drills: Simulate a BEC attempt and a deepfake video call; track time-to-verify and update procedures.
Conclusion
Scammers are combining polished social engineering with AI voice and video to force split-second, high-stakes decisions. The best countermeasure is friction: out-of-band verification, dual authorization, phishing-resistant MFA, and clear family or company rules that slow the moment of commitment. Lock those in today—and the next urgent email, text, or video call will meet a process that protects your money.