The 2025 Tech Scam Playbook: Deepfakes, BEC, Phishing and Crypto Schemes Draining Billions
Criminals are using artificial intelligence, social engineering and payment platform tricks to outpace defenses. In 2023, U.S. consumers reported nearly $10 billion in scam losses to the FTC, a record high, while the FBI logged about $12.5 billion in cyber-enabled crime losses across consumers and businesses. Chainalysis also found ransomware payments surged past $1.1 billion in 2023. In one widely reported 2024 incident, a finance worker in Hong Kong wired about $25 million after attending a deepfaked video call with impostors posing as the company’s CFO and colleagues. These numbers and cases underscore the urgency: modern scams aren’t just spam emails—they’re tailored CFO frauds, AI-cloned voices, and convincing investment lures that bypass traditional controls.
AI Deepfake Scams
Recent Cases and Financial Impact
AI-generated audio and video are turning classic impersonation into high-stakes fraud. In early 2024, Hong Kong police reported a case where a finance employee was tricked into sending roughly $25 million after a multi-person deepfaked video conference mimicked the company’s CFO and coworkers (BBC). Identity-verification firm Sumsub reported a 10x year-over-year increase in detected deepfake fraud attempts in 2024, illustrating how quickly these tools are being operationalized by scammers. The broader context: the Verizon 2024 DBIR found 68% of breaches involve the human element, which social engineers increasingly exploit with AI-driven content.
How This Scam Works
- Targeting: Criminals profile executives or family members using LinkedIn, public bios, and leaked data.
- Cloning: They craft AI voice or video models from short samples, then generate realistic calls or videos.
- Social engineering: Urgency (“regulatory deadline”), secrecy (“board-approved but confidential”), and authority are used to rush payments.
- Payment orchestration: Transfers are split across multiple accounts or converted to stablecoins to evade clawbacks.
Warning Signs
- New or unusual payment instructions supposedly from executives, especially with secrecy or urgency requests.
- Video calls where participants avoid real-time interaction (camera off, latency, refusal to screen-share).
- Voice calls that push you to bypass dual approvals or change vendor bank details mid-process.
Protection Strategies
- Consumers: Verify money requests through a known phone number or a separate channel; use safe words for family emergencies.
- Business owners: Enforce out-of-band callbacks for all first-time or high-value payment changes; require two-person approval and name verification on calls.
- Elderly users: If a “relative” calls for urgent money, hang up and call their known number. Don’t trust caller ID.
- Tech-savvy users: Adopt challenge-response checks on calls, require security keys for approvals, and log all payment change requests for anomaly detection.
Business Email Compromise (BEC)
Recent Cases and Financial Impact
BEC remains the costliest cyber-enabled crime reported to the FBI. In 2023, BEC caused approximately $2.9 billion in adjusted losses, with a median loss of about $50,000 per complaint (FBI IC3 2023). The FBI’s IC3 report recorded roughly 880,000 complaints overall in 2023, with BEC and investment fraud topping losses. Attackers increasingly pair AI-crafted pretexts with vendor impersonation and forged invoices.
How This Scam Works
- Reconnaissance: Threat actors mine email threads and contracts via compromised inboxes or LinkedIn to learn tone, timing, and payables processes.
- Impersonation: They spoof or take over executive/vendor email accounts and send realistic invoice updates.
- Payment rerouting: Victims are instructed to change bank account details for an upcoming payment.
- Money movement: Funds are quickly dispersed through domestic and international accounts to evade recall.
Warning Signs
- Urgent requests for bank detail changes, especially near invoice due dates.
- Subtle lookalike domains (e.g., “rn” in place of “m”) or recent rule changes in the mail tenant.
- Requests to bypass normal approval workflows or to keep the change confidential.
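The lookalike-domain warning sign can be checked mechanically. This is an added example, not code from the article: it compares a sender domain against a trusted list, and the list, the substitution table and the sample domains are all constructed for illustration.

```python
# Added example. TRUSTED and CONFUSABLES are illustrative assumptions.
# Character sequences that read alike at a glance, e.g. "rn" for "m".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]
TRUSTED = {"acme-supplies.com", "microsoft.com"}  # hypothetical vendor list


def skeleton(domain):
    """Collapse confusable sequences so visual lookalikes map to one form."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete from a
                           cur[j - 1] + 1,            # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(sender_domain, trusted=TRUSTED):
    """Return 'trusted', 'unknown', or a description of the imitated domain."""
    d = sender_domain.lower().rstrip(".")
    if d in trusted:
        return "trusted"
    for t in trusted:
        if skeleton(d) == skeleton(t):
            return f"lookalike of {t} (confusable characters)"
        if edit_distance(d, t) <= 1:
            return f"lookalike of {t} (one-character change)"
    return "unknown"


if __name__ == "__main__":
    for dom in ["microsoft.com", "rnicrosoft.com", "acme-suppl1es.com", "example.org"]:
        print(dom, "->", classify(dom))
```

The skeleton comparison matters because "rnicrosoft.com" is two edits away from "microsoft.com" and would slip past a distance-of-one check alone. Homoglyphs in internationalized domain names are not covered here; they need a Unicode confusables table.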
Protection Strategies
- Consumers: For large transfers (home purchases, tuition), always confirm wiring instructions via a verified phone number.
- Business owners: Enforce vendor bank change verification via out-of-band callbacks; require dual authorization and payment hold periods; implement DMARC, SPF and DKIM with enforcement.
- Elderly users: Be skeptical of unexpected requests to transfer money—even from known contacts; verify with a trusted family member first.
- Tech-savvy users: Deploy conditional access, impossible-travel detection, and mailbox rule monitoring; use FIDO2 security keys for privileged accounts; log and alert on payment metadata changes.
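The payment controls above (out-of-band callback on bank changes, dual authorization, hold periods, logging of payment metadata changes) can be enforced as a review pass over the change log. This is an added example, not code from the article; the event format, the five-day hold and the sample records are assumptions constructed for illustration.

```python
from datetime import date, timedelta

HOLD = timedelta(days=5)  # assumed cooling-off period after a bank-detail change

# Constructed sample events: vendor bank-detail changes and outgoing payments.
EVENTS = [
    {"type": "bank_change", "vendor": "V100", "on": date(2025, 3, 3),
     "callback_ok": False},   # change accepted from an email, no callback made
    {"type": "payment", "id": "P1", "vendor": "V100", "on": date(2025, 3, 4),
     "amount": 48_000, "approvers": {"alice"}},
    {"type": "bank_change", "vendor": "V200", "on": date(2025, 1, 10),
     "callback_ok": True},    # verified by calling a stored number
    {"type": "payment", "id": "P2", "vendor": "V200", "on": date(2025, 3, 4),
     "amount": 9_500, "approvers": {"alice", "bob"}},
    {"type": "payment", "id": "P3", "vendor": "V300", "on": date(2025, 3, 5),
     "amount": 30_000, "approvers": {"alice", "bob"}},
]


def review(events):
    """Return {payment_id: [reasons to hold]} for payments that break a control."""
    last_change = {}  # vendor -> most recent bank_change event seen so far
    held = {}
    for ev in sorted(events, key=lambda e: e["on"]):
        if ev["type"] == "bank_change":
            last_change[ev["vendor"]] = ev
            continue
        reasons = []
        change = last_change.get(ev["vendor"])
        if change and not change["callback_ok"]:
            reasons.append("bank details changed without out-of-band callback")
        if change and ev["on"] - change["on"] < HOLD:
            reasons.append("payment inside hold period after bank change")
        if len(ev["approvers"]) < 2:
            reasons.append("dual authorization missing")
        if reasons:
            held[ev["id"]] = reasons
    return held


if __name__ == "__main__":
    for pid, why in review(EVENTS).items():
        print(pid, "HOLD:", "; ".join(why))
```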
Tech Support Fraud
Recent Cases and Financial Impact
Tech support fraud disproportionately impacts older adults. The FBI’s 2023 Elder Fraud Report documented about $3.4 billion in losses among victims aged 60+, with tech support scams frequently reported by this group (FBI Elder Fraud 2023). Attackers blend pop-up browser alerts, search ads and cold calls to induce remote access and drain accounts.
How This Scam Works
- Initial contact: A browser pop-up or call claims to be from Microsoft/Apple or your bank, warning of malware or account compromise.
- Trust building: The scammer “proves” the issue (fake logs, command prompts) and urges immediate action.
- Remote access: Victim installs a remote tool; attacker manipulates screens, “tests” refunds, or requests online banking access.
- Monetization: Funds are moved, gift cards purchased, or crypto wallets funded; scammers may also install info-stealers.
Warning Signs
- Unsolicited pop-ups or calls claiming to be from tech companies or banks.
- Pressure to install remote access tools or provide one-time codes.
- Requests to buy gift cards or convert money to crypto to “secure” funds.
Protection Strategies
- Consumers: Close the browser, do not call numbers in pop-ups; navigate directly to official support pages; contact your bank via the number on your card.
- Business owners: Block known remote admin tools for end users; filter lookalike domains and malvertising; create a “security help” hotline employees can call.
- Elderly users: Put a “Do not trust pop-ups” note near the computer; ask a family member before taking action; banks and tech firms do not ask for gift cards.
- Tech-savvy users: Use application control to restrict remote tools, enforce browser isolation for high-risk sites, and deploy EDR with alerting for new remote sessions.
Cryptocurrency Schemes
Recent Cases and Financial Impact
Investment fraud produced about $4.6 billion in reported losses in 2023 (FBI IC3), with a large portion tied to crypto. Chainalysis reported that ransomware revenue exceeded $1.1 billion in 2023, while crypto theft by hackers was about $1.7 billion in 2023—down from 2022 but still substantial. In late 2023, Tether said it froze $225 million in USDT linked to a human trafficking-connected “pig butchering” scam network, highlighting law enforcement collaboration with exchanges.
How This Scam Works
- Romance/investment hybrid: Scammers build rapport on social apps, then steer victims to fake investment platforms.
- Fake gains: Dashboards show rising balances; withdrawals are blocked pending “taxes” or “verification” fees.
- Drainers: Wallet-draining links or approvals silently grant permission to move tokens.
- Cash-out: Funds are laundered through mixers, cross-chain bridges, and high-risk exchanges.
Warning Signs
- Pressure to move funds to a specific platform or to keep the opportunity secret.
- Unsolicited trading advice promising guaranteed high returns.
- Requests for additional fees or crypto to “unlock” withdrawals.
Protection Strategies
- Consumers: Use only well-known, regulated exchanges; verify URLs; never invest based on a new online relationship.
- Business owners: Block known scam domains; require pre-approved crypto counterparties; educate finance and executives about wallet-drainer permissions.
- Elderly users: Do not send crypto based on a call, text, or online romance; involve a trusted relative before investing.
- Tech-savvy users: Use hardware wallets, review token approval lists, and set spending limits; treat DMs with investment offers as malicious by default.
Romance and Social Engineering (Including Pig Butchering)
Recent Cases and Financial Impact
Romance and long-con investment schemes remain a top loss driver. The FTC reported nearly $10 billion in overall consumer scam losses in 2023, with romance and investment scams among the most expensive categories. Financial-crime trends show pig-butchering rings using scripted playbooks and crypto rails; Tether’s $225 million USDT freeze in 2023 underscores both the scale and the cross-border nature of these operations.
How This Scam Works
- Approach: A friendly contact via text, WhatsApp, or dating app claims a misdial or mutual interest.
- Bonding: Weeks of daily chats and photos build trust, sometimes with AI-enhanced images.
- Hook: The scammer introduces a “mentor” or an exclusive investment app with screenshots of big profits.
- Extortion: After deposits, withdrawals are blocked until the victim pays bogus “taxes”—then the site disappears.
Warning Signs
- Fast-moving relationships that pivot to money or investment tips.
- Demands for secrecy from family and friends.
- Refusal to video chat live or inconsistencies in personal details.
Protection Strategies
- Consumers: Reverse-image search profile photos; never move funds to platforms recommended by online acquaintances.
- Business owners: Provide employee training focused on romance-investment overlaps that spill into corporate accounts.
- Elderly users: Involve a family member before sending any funds; local banks and law enforcement can help if you suspect a scam.
- Tech-savvy users: Use burner identities on dating apps; isolate financial apps in separate device profiles; enable transaction notifications and velocity alerts.
Phishing Evolution (Email, Smishing, Vishing)
Recent Cases and Financial Impact
Phishing remains the gateway to many incidents. APWG has consistently recorded over one million phishing attacks per quarter, and the Verizon 2024 DBIR attributes 68% of breaches to the human element, including phishing and pretexting. Attackers increasingly use AI to generate fluent content and deepfake voices for vishing, and they weaponize QR codes to bypass email filters (FBI PSA).
How This Scam Works
- Email: Lures imitate brands or services (parcel, payroll, MFA resets) and link to credential-stealing sites.
- Smishing: Text messages claim account issues or deliveries, pointing to lookalike portals.
- Vishing: Callers impersonate IT or bank staff and solicit MFA codes or remote-access approvals.
- Quishing: QR codes in emails or flyers open malicious sites that steal credentials or push mobile malware.
Warning Signs
- Unexpected MFA prompts, password reset links, or QR codes for “urgent” fixes.
- Misspelled domains, odd reply-to addresses, or payment links that differ from the usual flow.
- Requests to read or share one-time codes over the phone.
Protection Strategies
- Consumers: Use a password manager and unique passwords; enable phishing-resistant MFA (security keys) where possible.
- Business owners: Turn on DMARC enforcement; deploy email threat protection; run phishing simulations and just-in-time training; adopt security keys for high-risk roles.
- Elderly users: Don’t scan QR codes or click links from unsolicited messages; call the company using a number you know.
- Tech-savvy users: Validate links with safe-browsing sandboxes; use FIDO2 keys; enable domain allowlists and mobile link protection.
Industry Expert Insights
Recent data sets point to several themes. The FBI IC3 2023 report shows BEC and investment scams dominating losses. Chainalysis observed ransomware revenue rebounding to over $1.1 billion in 2023 and estimated roughly $1.7 billion stolen by crypto hackers in 2023. Verizon’s 2024 DBIR reinforces that social engineering is the common denominator—human-centric controls matter as much as technical ones. IBM’s 2024 Cost of a Data Breach report pegs the average global data breach at about $4.88 million, highlighting why even a single successful phishing or BEC incident can be catastrophic for businesses. Deepfakes are lowering the effort required for convincing impersonation, which means controls like out-of-band verification and security keys are no longer optional; they are core risk controls.
Immediate Action Steps
- Set up out-of-band verification: For any payment change or urgent transfer, require a callback using a known, stored number.
- Adopt phishing-resistant MFA: Issue FIDO2 security keys to executives, finance, and IT admins.
- Lock down payments: Enforce dual authorization, cooling-off periods, and daily transfer limits; monitor vendor bank changes.
- Harden email: Enforce DMARC, SPF and DKIM; disable legacy auth; monitor for inbox rules and suspicious OAuth grants.
- Train for deepfakes: Teach employees how to challenge unusual requests on calls/video; implement code words and challenge questions.
- Secure personal devices: Install only from official app stores; use a password manager; review crypto wallet token approvals regularly.
- For seniors: Ignore pop-up warnings; never install remote tools from unsolicited calls; verify with a trusted family member first.
- Incident readiness: Pre-stage bank contacts, law enforcement reporting links (FBI IC3, FTC), and crypto-exchange rapid-response procedures.
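The BEC, phishing and action-step lists all call for DMARC "with enforcement". A published record can exist and still enforce nothing, which the following added example checks (it is not code from the article, and the sample records are constructed). It covers DMARC only; the tag defaults follow RFC 7489.

```python
# Added example. SAMPLES holds constructed TXT records for illustration.
SAMPLES = {
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial.example": "v=DMARC1; p=quarantine; pct=25",
    "subdomain-gap.example": "v=DMARC1; p=reject; sp=none",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict with lowercased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(record):
    """Return reasons the record is not fully enforcing; [] means enforced."""
    first = record.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":            # the version tag must come first
        return ["not a valid DMARC record (must begin with v=DMARC1)"]
    tags = parse_tags(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: monitoring only, "
                        "failing mail is still delivered")
    pct = tags.get("pct", "100")       # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    # sp defaults to the value of p when absent
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are not covered by enforcement")
    return findings


def audit(samples=SAMPLES):
    """Map each domain to its list of enforcement gaps."""
    return {domain: dmarc_findings(rec) for domain, rec in samples.items()}


if __name__ == "__main__":
    for domain, gaps in audit().items():
        print(domain, "->", gaps or "enforced")
```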
Conclusion
Scammers are moving faster with AI, better pretexts and rapid money movement. But they still rely on the same choke points: unverified payment changes, rushed decisions, and unsecured accounts. Put friction where it matters (out-of-band checks, security keys, dual approvals) and you cut off the most profitable pathways. For families, a single rule, “no transfers without a verified callback,” stops most urgent-money scams. For businesses, treating finance workflows like security-critical systems is the difference between a near miss and a multimillion-dollar loss. Act now, before the next “urgent” message arrives.