2025 Tech Scams: Deepfakes, BEC, Crypto & Phishing

2025 Tech Scams: Deepfakes, BEC, Crypto & Phishing

2025 Tech Scam Survival Guide: Deepfakes, BEC, Crypto Cons, and Smarter Phishing

Online fraud is surging in scale and sophistication. The FTC reports consumers lost nearly $10 billion to scams in 2023—its highest total ever—across 2.6 million fraud reports (FTC). The FBI’s Internet Crime Complaint Center (IC3) tallied 880,418 complaints and $12.5 billion in reported losses in 2023 alone (FBI IC3 2023). In 2024 and beyond, attackers are wielding AI deepfakes, precision social engineering, and crypto-draining toolkits to move faster than ever. This guide distills the newest tactics, the latest verified numbers, and step-by-step defenses for consumers, businesses, seniors, and power users.

AI Deepfake Scams

Recent Cases and Financial Impact

In a widely reported case, scammers used AI to clone an executive’s likeness and orchestrate a multi-participant video call that tricked a Hong Kong finance employee into sending the equivalent of $25 million (HK$200 million) (SCMP). The FBI’s IC3 confirms deepfake-enabled social engineering is rising inside larger problem categories like Business Email Compromise (BEC) and investment fraud, which together accounted for billions in 2023 (FBI IC3 2023).

How This Scam Works

  • Recon: Attackers scrape public videos, webinars, and interviews to train voice and face clones.
  • Setup: They compromise or spoof email/chat to schedule a “quick” video or voice call.
  • Performance: AI-generated audio/video impersonates a real person (CEO, vendor, or family member).
  • Pressure: The impostor demands urgent wire transfers, gift cards, or crypto—citing secrecy or a time-sensitive deal.
  • Exfiltration: Funds are moved through mules and mixers to frustrate recovery.

Warning Signs

  • Odd video artifacts: off-beat lip sync, unnatural blinking, odd lighting, or “frozen” facial expressions.
  • Unusual channel change: urgent requests to move from corporate email to a personal app.
  • Payment changes: new bank details, new vendors, or “temporary accounts.”
  • Unverifiable context: claims that cannot be confirmed via normal corporate systems.

Protection Strategies

  • Out-of-band verification: Confirm any payment or sensitive request via a known phone number or a separately initiated call.
  • Use code words: Pre-share a rotating passphrase with executives/finance for high-risk approvals.
  • Harden accounts: Enforce phishing-resistant MFA (FIDO2/passkeys) for email, chat, and meeting platforms (CISA).
  • Disable “join without host” for executive meetings; require waiting rooms and vetted invites.
  • Train to doubt video: Treat unexpected calls like unexpected emails—verify first, pay later.

Business Email Compromise (BEC)

Recent Cases and Financial Impact

BEC remains one of the costliest cybercrimes. In 2023, BEC caused approximately $2.9 billion in adjusted losses with a median loss of $50,000 per complaint (FBI IC3 2023). The 2024 Verizon Data Breach Investigations Report finds 68% of breaches involve the human element—phishing, stolen credentials, and social engineering that often precede BEC (Verizon DBIR 2024).

How This Scam Works

  • Credential theft: Phishing or MFA-fatigue attacks capture email credentials.
  • Mailbox surveillance: Attackers study threads, invoices, and approval patterns.
  • Impersonation: They pose as executives or vendors to redirect payments.
  • Invoicing fraud: They submit lookalike invoices or request bank detail changes.
  • Money movement: Funds hop between accounts and are cashed out quickly.

Warning Signs

  • “New banking details” or “rush payments” on routine invoices.
  • Unusual tone/grammar from known senders; reply-to addresses that don’t match.
  • Requests to bypass normal purchase order (PO) or dual-approval workflows.
  • Vendor domain lookalikes (e.g., rn for m, .co for .com).

Protection Strategies

  • Mandatory callback: For any banking changes, require a verified phone callback to an on-file number.
  • Finance controls: Enforce dual approval and dollar thresholds for wires/ACH.
  • Email authentication: Deploy SPF, DKIM, and DMARC with reject policies; monitor DMARC reports.
  • MFA everywhere: Use phishing-resistant MFA on email, accounting, and SSO (CISA).
  • Just-in-time training: Show real BEC samples from your own environment during onboarding and quarterly refreshers.

Tech Support Fraud

Recent Cases and Financial Impact

Tech support scams—often starting with browser pop-ups or cold calls—continue to hammer consumers and seniors. The FBI reports tech support fraud losses exceeded $1 billion in 2023, with older adults disproportionately affected (FBI IC3 2023; FBI Elder Fraud 2023).

How This Scam Works

  • Trigger: A fake “Microsoft/Apple” pop-up or robocall claims your device is infected.
  • Hook: The scammer directs you to call a number or install remote-access tools.
  • Manipulation: They stage “repairs,” fabricate logs, or fake refunds.
  • Extraction: Victims are pushed to pay fees via gift cards, wire, or crypto—or to move money to “secure” accounts.

Warning Signs

  • Unsolicited calls from “support” or pop-ups that lock your screen with a phone number.
  • Pressure to install remote tools (AnyDesk, TeamViewer) immediately.
  • Payment demands in gift cards, crypto, or wire transfer.

Protection Strategies

  • Never call numbers in pop-ups. Close the browser; restart the device. Visit official support sites by typing the URL.
  • Bank safeguards: If told to move money “to keep it safe,” stop and call your bank’s number on the back of your card.
  • Device hygiene: Keep OS and browsers updated; enable built-in protections (SmartScreen, Safe Browsing).
  • Caregiver plan: Pre-establish a family “tech helper” to contact before taking any action.

Cryptocurrency Schemes

Recent Cases and Financial Impact

Investment and crypto-related scams are among the costliest. IC3 recorded about $4.57 billion in investment fraud losses in 2023, much of it driven by crypto “pig butchering” schemes (FBI IC3 2023). Chainalysis estimates scam revenues in the crypto ecosystem at roughly $4.6 billion for 2023, even as some categories declined from 2022 peaks (Chainalysis 2024).

How This Scam Works

  • Seeding: A stranger (often via text or social media) builds rapport and introduces “low-risk” crypto investments.
  • Proof of life: Fake platforms show fabricated gains and allow small “withdrawals” to build trust.
  • Draining: After large deposits, withdrawals fail; new “tax/fee” demands appear; funds vanish.
  • On-chain tricks: Approval phishing grants token-spending rights to malicious contracts (drainers).

Warning Signs

  • Unsolicited tips or “insider” platforms you’ve never heard of.
  • Pressure to move off reputable exchanges into obscure sites or self-custody without guidance.
  • Being asked to pay “taxes” or “unlock fees” to withdraw earnings.

Protection Strategies

  • Due diligence: Verify platforms via multiple independent sources; avoid links sent by strangers.
  • Custody controls: Use hardware wallets for long-term holdings; revoke risky token approvals regularly.
  • Allowlists: On exchanges, enable withdrawal address allowlists and 24–48 hour holds for new addresses.
  • Never pay to withdraw: Legit platforms deduct fees from balances; “unlock fee” demands are a red flag.

Romance and Social Engineering (including Pig Butchering)

Recent Cases and Financial Impact

Romance-driven cons continue to inflict heavy losses, often merging with crypto “investment” lures. The FTC reports annual romance scam losses in the billions, with 2023 losses exceeding $1 billion and investment fraud driving the largest dollar totals overall (FTC; FBI IC3 2023).

How This Scam Works

  • Meet: Contact via dating apps or social platforms; scammers quickly move to private chats.
  • Trust cycle: Weeks of emotional grooming; stories of hardship or investment success.
  • Ask: Requests for money, gift cards, or crypto “opportunities” escalate.
  • Isolation: Scammers discourage victims from talking to friends/family.

Warning Signs

  • Refusal to video chat or meet; excuses around cameras, military service, or travel.
  • Rapid escalation to money requests or “exclusive” investments.
  • Love-bombing and attempts to isolate you from advice.

Protection Strategies

  • Reverse image search profile photos; verify identities across platforms.
  • Never send money or crypto to someone you haven’t met in person.
  • Discuss with a trusted friend or advisor before any investment.
  • Report and block suspicious profiles on the platform; file reports with the FTC and IC3.

Phishing Evolution: Email, Smishing, Vishing, and QR Scams

Recent Cases and Financial Impact

Phishing remains the top reported crime category to IC3, with nearly 300,000 complaints in 2023 (FBI IC3 2023). The Verizon DBIR attributes 68% of breaches to the human element, underscoring how convincing messages—across email, SMS, voice, and QR codes—drive compromise (Verizon DBIR 2024). Security firms also report continued growth in smishing and vishing attempts targeting enterprises (Proofpoint).

How This Scam Works

  • Email phishing: Credential theft via fake login pages and MFA-fatigue prompts.
  • Smishing: Texts posing as banks, delivery services, or HR; links to credential harvesters.
  • Vishing/call-back phishing: Voicemails or operators guide targets to fake support portals.
  • Quishing (QR phishing): Codes in emails/posters that lead to malicious sites.

Warning Signs

  • Urgent tone, threats, or offers too good to be true.
  • Domains that are misspelled or unrelated to the brand.
  • Login or payment pages without expected security indicators.

Protection Strategies

  • Phishing-resistant MFA: Use security keys or platform passkeys wherever possible (CISA).
  • Email defenses: Enable DMARC enforcement, banner external emails, and use modern secure email gateways.
  • Browser isolation and link protection for high-risk roles (finance, HR, executives).
  • Mobile hygiene: Disable link previews; scrutinize shortened URLs; avoid scanning QR codes from email.

Audience-Specific Guidance

For General Consumers

  • Slow down: Scams leverage urgency. Verify any money request via a known-good phone number.
  • Bank and device basics: Turn on account alerts; enable MFA; keep software updated.
  • Report fast: If you paid a scammer, call your bank immediately and file with the FTC and IC3.

For Business Owners and Leaders

  • Mandate out-of-band verification for all payment/banking changes.
  • Implement phishing-resistant MFA and enforce least privilege on finance systems.
  • Adopt email authentication (SPF/DKIM/DMARC) and a zero-trust posture.
  • Run tabletop exercises for BEC and deepfake scenarios; measure time-to-verify.

For Elderly Users and Caregivers

  • Create a “call me first” plan with a trusted family member for money or tech requests.
  • Ignore pop-up phone numbers; use official support sites typed into the browser.
  • Use a password manager and enable MFA on email and banking apps.

For Tech-Savvy Users

  • Prefer hardware security keys; enroll passkeys across your accounts.
  • Use unique emails/aliases for high-risk sites; enable bank transfer allowlists.
  • For crypto: Verify contract addresses, revoke token approvals, and keep long-term funds in hardware wallets.

Industry Expert Insights

Three trends define 2025’s scam landscape:

  • AI-accelerated pretexting: Generative AI scales convincing scripts and voices, shortening reconnaissance-to-payout cycles.
  • Payment redirection over malware: Social engineering and BEC remain more reliable for criminals than complex exploits—hence the outsized $2.9B BEC losses (IC3 2023).
  • Mobile-first lures: Smishing, vishing, and QR attacks bypass desktop email defenses and target busy users on the go (DBIR 2024; Proofpoint).

Organizations that combine phishing-resistant MFA, out-of-band verification, email authentication, and rapid user coaching consistently blunt these attacks. Individuals who verify before paying, lock down accounts, and report promptly have the best odds of recovery.

Immediate Action Steps

  • Turn on phishing-resistant MFA now for email, banking, and cloud storage (use security keys or passkeys).
  • Set bank alerts for transactions; enable daily transfer limits and require approvals.
  • Create a verification routine: For any payment request, call a known number before acting.
  • Bookmark official support portals; never use phone numbers shown in pop-ups.
  • Back up critical data to an offline or cloud location you control.
  • If scammed: Call your bank immediately, freeze accounts if needed, and report to the FTC and IC3.

Conclusion

Scammers are moving faster with AI and smarter social engineering, but their success still depends on urgency and secrecy. The latest data points are clear: $12.5 billion in reported cyber losses to the FBI in 2023, nearly $10 billion reported to the FTC, $2.9 billion in BEC alone, and billions more in investment scams. Commit today to a simple playbook—phishing-resistant MFA, out-of-band verification, and disciplined payment controls—and you’ll slam the door on most modern cons. Share this guide with your team and family, and report every attempt. The sooner we verify, the less we lose.

Related Posts