2025 Tech Scam Guide: Deepfakes, BEC, Crypto

2025 Tech Scam Guide: Deepfakes, BEC, Crypto

The 2025 Guide to Tech Scams: Deepfakes, BEC, Crypto, and More

In one of the most striking frauds of the AI era, a multinational firm reportedly lost about $25 million after an employee was tricked by a deepfake video conference that perfectly impersonated executives. That incident caps a broader surge in tech-enabled scams: U.S. consumers reported losing nearly $10 billion to fraud in 2023 (FTC), while the FBI’s Internet Crime Complaint Center (IC3) tallied $12.5 billion in losses across 880,418 complaints. This guide distills the latest, data-backed tactics scammers use—and the precise steps consumers, businesses, seniors, and power users can take to stop them. Note: Statistics below reflect the latest official releases available through late 2024 (FBI IC3 2023, FTC 2023, Chainalysis 2024) and will be updated as new 2025 data is released.

AI Deepfake Scams

Recent Cases and Financial Impact

– A finance worker in Hong Kong was duped by a deepfake video call that mimicked company leaders, triggering transfers totaling roughly $25 million (reported in early 2024).
– Imposter scams—many now supercharged by AI voice/video fakes—drove $2.7 billion in reported U.S. losses in 2023 (FTC).
– The FBI’s IC3 recorded $12.5 billion in total cyber-enabled crime losses in 2023, underscoring the scale of financially motivated online fraud that deepfakes now amplify.

How This Scam Works

  • Recon: Criminals scrape social media, earnings calls, interviews, and prior meeting recordings to train voice/video models.
  • Setup: Targets are invited to “urgent” video calls or receive convincing audio messages from supposed executives, celebrities, or family members.
  • Pressure: Scammers demand immediate payments, confidentiality, or gift card/crypto purchases, citing time zones, legal holds, or deal deadlines.
  • Payment: Funds are pushed to mule or crypto wallets; money is quickly layered across accounts.

Warning Signs

  • Slightly off lip sync, unnatural eye blinking, or odd background artifacts in video.
  • Audio cadence that sounds right but lacks normal back-and-forth or shows latency.
  • “Urgent and secret” payment requests outside normal approvals.
  • Unusual payment rails: new vendors, crypto, gift cards, or wire destinations.

Protection Strategies

  • All audiences: Agree on a “safe word” or personal challenge only family/colleagues would know; verify requests via a second channel you initiate (call a known number, not one provided in the message).
  • Businesses: Require out-of-band approvals for payments above set thresholds; enforce callback verification to a known directory number; use multi-person approval workflows for vendor/bank changes.
  • Elderly users: Never move money or buy gift cards/crypto based on a call or pop-up; hang up and call a known family number or bank directly.
  • Tech-savvy users: Use real-time video challenges (ask the caller to perform unscripted actions), and apply meeting waiting rooms so you can vet participants.

Business Email Compromise (BEC)

Recent Cases and Financial Impact

– In 2023, BEC accounted for approximately $2.9 billion in reported losses across 21,489 complaints (FBI IC3).
– Total IC3 complaints reached 880,418 with $12.5 billion in losses in 2023—BEC remains the most financially damaging complaint category.

How This Scam Works

  • Credential theft or spoofing: Attackers phish or brute-force accounts, or register lookalike domains.
  • Vendor compromise: Criminals lurk in vendor inboxes and alter invoices or payment instructions.
  • Pretexting: “CEO/CFO” asks finance to rush a wire tied to deals, audits, or M&A.
  • Funds transfer: Money routes through domestic/foreign mule accounts and is rapidly withdrawn.

Warning Signs

  • Requests to change bank details or add a new payee mid-cycle.
  • Domains with subtle typos (e.g., rn vs m, extra hyphens, swapped letters).
  • Odd timing (end of day, holidays) and pressure to bypass standard approvals.
  • Messages steering conversation off email to SMS/WhatsApp.

Protection Strategies

  • General consumers: Be skeptical of surprise “payment updates” from service providers; log in via bookmarks, not email links.
  • Business owners: Enforce a formal, out-of-band bank change process; lock down vendor onboarding; set spend caps and dual approval for wires/ACH.
  • Elderly users: If anyone claims to be from a bank or government asking for money, stop—call a verified number on your statement.
  • Tech-savvy users: Implement DMARC enforcement (p=reject), SPF, DKIM; use phishing-resistant MFA for email; monitor impossible travel and OAuth consent grants.

Tech Support Fraud

Recent Cases and Financial Impact

– The FBI reports tech support fraud losses exceeding $1 billion in 2023, with more than 19,000 victims, disproportionately affecting older adults (IC3 data/PSA).
– The FBI’s 2023 Elder Fraud Report shows victims aged 60+ reported $3.4 billion in losses in 2023, with an average loss of $33,915, and over 100,000 victims.

How This Scam Works

  • Pop-ups and calls: Fake Microsoft/Apple warnings claim your device is infected or your bank account is compromised.
  • Remote access: Scammers trick you into installing remote tools to “fix” the issue.
  • Bank “tests”: Criminals guide you to move funds for a “secure hold,” or demand gift cards/crypto.
  • Money mules: Funds go to accounts the criminals control; refunds are promised but never come.

Warning Signs

  • Any pop-up or caller urging you to dial a number to fix “viruses” or “bank errors.”
  • Pressure to install remote-control software or mobile device management apps.
  • Payment via gift cards, crypto, or wire to “verify” or “secure” funds.

Protection Strategies

  • General consumers: Close the pop-up; don’t call the number; reboot and run your own antivirus; contact the vendor using a number on your official receipt or card.
  • Business owners: Block remote tools by policy; enforce application allowlists; add bank alerts and positive pay; train staff to escalate any “bank test” requests.
  • Elderly users: Post a “Do Not Pay” checklist by the phone (no gift cards, no crypto, no wires on calls); call a trusted family member before any transaction.
  • Tech-savvy users: Run endpoint protection with web filtering; deploy DNS filtering; restrict admin rights; enable outbound anomaly alerts from banking portals.

Cryptocurrency Schemes

Recent Cases and Financial Impact

– The FBI IC3 reports investment scams as the costliest category in 2023 at roughly $4.57 billion in reported losses—many tied to fraudulent crypto investments.
– Chainalysis estimates total crypto scamming revenue at approximately $4.6 billion in 2023, with “pig butchering” (long-con investment/romance hybrids) a major driver.
– The U.S. Department of Justice seized about $112 million linked to pig-butchering accounts across multiple cases (2023).

How This Scam Works

  • Approach: Fraudsters meet victims on social media/dating apps and move chats to encrypted messengers.
  • Grooming: They build trust, show fake trading dashboards with “profits,” then push deposits.
  • Escalation: Victims are urged to “avoid taxes” by adding more; withdrawals are blocked without large “fees.”
  • Exit: Sites/apps vanish; crypto is mixed and laundered across chains/exchanges.

Warning Signs

  • Unsolicited investment tips promising guaranteed or “risk-free” high returns.
  • Pressure to keep the investment secret from friends/family or bank staff.
  • Request to pay “taxes/fees” to unlock your own funds.

Protection Strategies

  • General consumers: Verify any platform with independent reviews and regulator warnings; never invest on instruction from someone you’ve never met in person.
  • Business owners: Prohibit corporate funds in personal wallets; restrict staff use of unvetted exchanges; require finance approval for any crypto-related spending.
  • Elderly users: If someone you met online asks for money or crypto, stop—talk to a trusted person or your bank first.
  • Tech-savvy users: Use hardware wallets you control; enable on-chain risk alerts where available; beware of wallet-drainer approvals and revoke suspicious allowances.

Romance/Social Engineering Scams

Recent Cases and Financial Impact

– Romance/investment hybrid “pig-butchering” schemes have driven multi-billion-dollar losses; DOJ actions in 2023 seized $112 million tied to such scams.
– The FBI Elder Fraud Report shows adults 60+ are frequent targets, with $3.4 billion in reported losses in 2023 and average losses over $33,000—romance and tech support scams are common vectors for this group.
– The FTC reported nearly $10 billion in overall fraud losses and 2.6 million fraud reports in 2023, with imposter scams (often social-engineered) topping $2.7 billion.

How This Scam Works

  • Scammers create convincing profiles, quickly profess affection, and craft emergencies (medical bills, travel, customs fees) or investment opportunities.
  • They isolate victims from friends/family and push for secrecy and rapid payments.
  • Once funds are sent, the account blocks you or continues to demand more.

Warning Signs

  • Refusal to video chat live or meet in person; endless excuses.
  • Requests for money via gift cards, wire, or crypto.
  • Moving conversations off-platform immediately to private apps.

Protection Strategies

  • General consumers: Reverse-image search profile photos; talk to a friend before sending money; never pay someone you haven’t met.
  • Business owners: Provide employee wellness resources and security training that covers personal-life scams that spill into work (account compromise, money mule risks).
  • Elderly users: Ask a trusted family member to join any video call; if asked for money, pause and call someone you trust.
  • Tech-savvy users: Use platform safety tools; report fake profiles; enable account privacy controls to limit data harvesting.

Phishing Evolution (Email, Smishing, Vishing)

Recent Cases and Financial Impact

– Phishing remains the top IC3 complaint category by volume, with hundreds of thousands of reports in 2023 (nearly 300,000 complaints).
– Many BEC, tech support, and crypto scams begin with a phishing, SMS (“smishing”), or voice (“vishing”) lure that steals credentials or initiates social engineering.

How This Scam Works

  • Email: Links to counterfeit login pages or malware attachments.
  • SMS: “Delivery,” “bank,” or “tax” notices with urgent links or callback numbers.
  • Voice: AI-augmented calls spoofing banks, help desks, or executives.

Warning Signs

  • Generic greetings, mismatched sender domains, and unusual link domains/URL shorteners.
  • Urgent requests for MFA codes or password resets you didn’t initiate.
  • Unexpected attachments or invoices from unknown senders.

Protection Strategies

  • General consumers: Type known URLs directly; don’t click links in unsolicited messages; enable account alerts for logins and transfers.
  • Business owners: Deploy secure email gateways, DMARC enforcement, and phishing-resistant MFA (FIDO2/passkeys) for all email accounts; simulate phishing drills quarterly.
  • Elderly users: When in doubt, delete; call the number on your card or statement, not the number in the message.
  • Tech-savvy users: Check DNS and certificate details; use password managers to auto-fill only on legitimate domains; monitor for OAuth token abuse.

Industry Expert Insights

– Identity and trust are the new perimeter: Attackers increasingly impersonate people you recognize—CEOs, vendors, partners, and loved ones—using AI to pass casual scrutiny.
– Faster payments increase risk: Real-time rails make recovery harder; strong pre-transaction controls and call-backs are essential.
– Controls that work: Out-of-band verification, enforced payment workflows, phishing-resistant MFA, DMARC enforcement, least-privilege access, and continuous monitoring are repeatedly cited by law enforcement and security firms as high-efficacy measures.
– Elderly are prime targets: The FBI reports over $3.4 billion in losses among victims 60+, with average losses above $33,000—programs that empower families to verify requests together materially reduce harm.

Immediate Action Steps

  • Consumers: Freeze your credit at all three bureaus; enable MFA and transaction alerts on all bank, brokerage, and crypto accounts; store a personal “safe word” with family.
  • Businesses: Enforce call-back verification for any bank/beneficiary change; require dual approval and out-of-band confirmation for wires/ACH; implement DMARC (p=reject), SPF, DKIM; deploy FIDO2/passkeys for email and finance apps.
  • Elderly and caregivers: Post a visible “Do Not Pay” checklist: no gift cards, no crypto, no wires from phone calls or pop-ups; always call a known number first; involve a trusted contact before any transfer.
  • Tech-savvy users: Use hardware security keys; review OAuth app permissions quarterly; revoke suspicious crypto token approvals; maintain allowlisted remote tools and block the rest.
  • Everyone: Create a simple verification routine: pause, verify via a second channel you initiate, and document who approved the payment.

Conclusion

Today’s scams look and sound like people you trust. That is precisely why simple, consistent verification beats even sophisticated fraud. If a message asks for money, secrecy, or speed—stop. Call back using a number you already know, require a second approver, and confirm bank details out of band. Those few extra minutes can save tens of thousands—even millions—of dollars. Share this playbook with your team and family, and put the verification steps into policy today.

Related Posts