Technology

New Tech Scams in 2025: Deepfakes, BEC and Crypto Cons

New Tech Scams in 2025: Deepfakes, BEC and Crypto Cons

New Tech Scams in 2025: Deepfakes, BEC and Crypto Cons Explained

Editor’s note: This guide uses the latest publicly available statistics from authoritative sources (FBI IC3, FTC, Verizon DBIR, Proofpoint, Chainalysis, Microsoft) up to October 2024. Before publication, replace labeled placeholders with current 2025 figures and add links to any new incidents from the last 3–6 months. Example of a recent incident to feature: a Hong Kong firm’s multi-million-dollar loss after a deepfake video call posing as a senior executive (Feb 2024). [Insert verified link to the incident].

AI Deepfake Scams

Recent Cases and Financial Impact

AI-powered voice and video impersonations have moved from novelty to high-impact fraud. Law enforcement and cybersecurity firms report rising use of AI for real-time voice cloning and synthetic video in both consumer and enterprise scams. Notable example: staff at a multinational were duped into wiring funds after attending a deepfake video conference featuring multiple “colleagues” (reported Feb 2024). Financial impact is accelerating: [STAT 1: Insert the latest FBI/Europol/cybersecurity firm count of deepfake-enabled fraud incidents in the last 6 months], with aggregate losses of [STAT 2: Insert dollar estimate for deepfake-enabled scams from a primary source].

How This Scam Works

  • Recon: Attackers scrape executive bios, interviews, earnings calls, and social videos to train voice and face models.
  • Setup: They acquire domain lookalikes and compromised email or chat accounts to arrange a “secure call.”
  • Execution: On a video call, the deepfake “executive” requests urgent wire transfers or confidential data, often citing a secret deal.
  • Payment: Funds are split across mule accounts and moved into crypto or high-velocity payment rails.

Warning Signs

  • Unscheduled, high-pressure video calls requesting secrecy, especially involving payments or gift cards.
  • Unusual visual artifacts: lip-sync delay, odd eye-blinking, inconsistent lighting; audio with compression or unnatural pauses.
  • Requests to bypass normal payment approval chains “due to urgency.”

Protection Strategies

  • All audiences: Establish and stick to out-of-band verification for any money movement (e.g., call a verified phone number already on file).
  • Business owners: Use code phrases and dual approval for wires over a set threshold; log and review executive payment exceptions weekly.
  • Elderly users: If a relative calls about an emergency money request, hang up and call the known number; never pay with gift cards or crypto.
  • Tech-savvy users: Deploy liveness checks (challenge words, unexpected head turns), and require camera off + audio-only verification steps when doubt arises.

Business Email Compromise (BEC)

Recent Cases and Financial Impact

BEC remains among the costliest cyber-enabled crimes. The FBI’s Internet Crime Complaint Center (IC3) reports multi-billion-dollar annual losses attributed to BEC and vendor impersonation. In the latest available FBI IC3 report, BEC losses were approximately [STAT 3: Insert most recent FBI IC3 BEC loss figure, e.g., billions USD], with median transaction sizes of [STAT 4: Insert median/average BEC payment figure if available]. Vendor email compromises targeting accounts payable teams and invoice fraud continue to dominate. In recent months, industry responders report [STAT 5: Insert proportion of BEC cases involving vendor impersonation from a reputable firm].

How This Scam Works

  • Account takeover or lookalike domains impersonate CEOs, CFOs, or vendors.
  • Attackers insert themselves into ongoing email threads (“thread hijacking”), swapping wire instructions or changing bank details.
  • Payments are sent to new accounts controlled by fraudsters; funds are rapidly layered and moved.

Warning Signs

  • Sudden changes to payment details without previously scheduled notice and verification.
  • Subtle domain changes (acme-co.com vs. acmeco.com) and display-name spoofing.
  • Requests to keep the transaction confidential or bypass policy.

Protection Strategies

  • General consumers (freelancers/contractors): Confirm new payment details using a phone number already on file, not one provided in the email.
  • Business owners: Mandate call-back verification for any banking-change request; enforce segregation of duties and payment approval workflows.
  • Elderly users (small nonprofits/boards): Use a printed vendor list with verified phone numbers; never approve payment changes from email alone.
  • Tech-savvy users: Implement DMARC with enforcement, MFA on email, conditional access, and continuous phishing simulation training.

Tech Support Fraud

Recent Cases and Financial Impact

Tech support fraud targets all age groups but disproportionately harms older adults. IC3 reporting shows annual losses exceeding [STAT 6: Insert latest IC3 tech support fraud loss total], with [STAT 7: Insert victim count or proportion of victims aged 60+]. Common lures: fake “Microsoft” or “Apple” pop-ups, alarming phone calls, and search ads impersonating legitimate support desks.

How This Scam Works

  • Pop-up or call claims your device is infected; the scammer urges immediate remote access.
  • They “find” non-existent issues and demand payment, often via gift cards or crypto.
  • They may install remote tools or keyloggers, escalating to bank-draining “refund” scams.

Warning Signs

  • Unsolicited calls or browser pop-ups asking for remote access or payment.
  • Pressure to pay with gift cards, wire, or crypto for “security services.”
  • Instructions to keep the call secret from your bank or family.

Protection Strategies

  • General consumers: Use your device’s built-in support channels or official vendor websites you type yourself (not ads).
  • Elderly users: Post a “Do not trust pop-ups or callers” note near your computer; call a trusted family member before taking any action.
  • Business owners: Block remote-admin tools by policy, filter lookalike domains, and whitelist official support URLs.
  • Tech-savvy users: Run DNS filtering, application allowlisting, and EDR; disable PowerShell and remote tools for non-admins.

Cryptocurrency Investment and Draining Schemes

Recent Cases and Financial Impact

Crypto fraud continues to evolve: fake exchanges, “liquidity mining,” investment coach scams, and wallet-draining malware delivered via airdrops or phishing. Chainalysis and the FTC report billions in annual consumer losses tied to investment fraud, much of it crypto-related. In the latest reports: investment fraud losses reached approximately [STAT 8: Insert latest FBI/FTC investment fraud total], with median individual losses of [STAT 9: Insert current FTC median crypto loss amount]. Pig-butchering schemes remain pervasive, with cases involving cross-border human trafficking and industrial-scale operations [STAT 10: Insert latest law enforcement estimate of pig-butchering prevalence or dollars].

How This Scam Works

  • Relationship building: Scammers connect on social apps and build trust for weeks.
  • On-ramp: Victims are moved to fake investment platforms showing fabricated gains.
  • Lock-in: When victims try to withdraw, “taxes” or “fees” are demanded; more funds are solicited.
  • Drain: Funds go to mixers, cross-chain bridges, or high-risk exchanges.

Warning Signs

  • Strangers offering guaranteed crypto returns or insider “signals.”
  • Websites that won’t let you withdraw without paying extra fees.
  • Pressure to keep the opportunity secret from friends and banks.

Protection Strategies

  • General consumers: Independently verify platforms; check for regulatory registrations; avoid unsolicited investment advice.
  • Elderly users: Never move retirement funds based on a text or social media message; consult a trusted advisor first.
  • Business owners: Train finance teams on common crypto invoice and investment lures; block risky domains at the network layer.
  • Tech-savvy users: Use hardware wallets, revoke risky token approvals, and verify smart contracts in trusted explorers.

Romance and Social Engineering (Pig-Butchering)

Recent Cases and Financial Impact

Romance scams remain a top driver of large individual losses. The FTC’s latest consumer data shows losses exceeding [STAT 11: Insert latest FTC romance scam loss total], with a median loss of [STAT 12: Insert latest median]. Pig-butchering variants merge romance with investment fraud and are frequently linked to organized groups, with victims groomed for months before being defrauded.

How This Scam Works

  • Initial outreach via dating apps or messaging platforms with stolen profile photos.
  • Emotional connection built, then introduction of a “safe, profitable investment.”
  • Fake apps and dashboards show phantom gains to lure larger deposits.

Warning Signs

  • Love or partnership proposals arriving quickly, often with promises of financial mentorship.
  • Reluctance to video chat or meet in person; excuses about cameras or travel.
  • Requests for crypto or wire transfers; resistance to any third-party verification.

Protection Strategies

  • General consumers: Reverse-image search profile photos; never invest where you can’t withdraw small amounts immediately.
  • Elderly users: Ask a family member to review any investment proposal from an online acquaintance.
  • Business owners: Offer employee assistance programs and fraud-awareness briefings; social scams can spill into workplace fraud.
  • Tech-savvy users: Validate domain age, WHOIS records, and app publisher legitimacy; use separate devices for finance.

Phishing Evolution: Email, Smishing, and Vishing

Recent Cases and Financial Impact

Phishing remains the dominant initial access vector. The Verizon Data Breach Investigations Report (DBIR) finds the “human element” present in roughly two-thirds of breaches year over year. In the latest DBIR, this figure is about [STAT 13: Insert latest DBIR percentage for the human element]. Proofpoint reports widespread adoption of hybrid vishing/smishing to bypass email controls, with [STAT 14: Insert % of organizations targeted by vishing/smishing from latest Proofpoint report].

How This Scam Works

  • Email: AI-crafted messages mimic vendors, parcels, HR notices, and MFA prompts.
  • Smishing: Texts spoof banks or delivery services with malicious links.
  • Vishing: Call-center-style operations guide victims to enter credentials or install remote tools.

Warning Signs

  • Unexpected MFA prompts, password reset notices, or shipping updates for items you didn’t order.
  • Shortened URLs, mismatched sender domains, or requests for credentials/payment via links.
  • Urgent calls telling you to “verify” accounts or move money to a “safe” account.

Protection Strategies

  • General consumers: Use a password manager; enable phishing-resistant MFA where possible; type URLs instead of clicking.
  • Elderly users: Do not respond to texts with links; call your bank using the number on your card.
  • Business owners: Enforce FIDO2 security keys for admins, conditional access, and just-in-time privileges.
  • Tech-savvy users: Implement DMARC quarantine/reject, sandboxing, and behavioral ML; rotate phishing lures in monthly simulations.

Industry Expert Insights

What’s changing now:

  • AI lowers barriers: Audio/video deepfakes at consumer hardware speeds mean more real-time impostor calls.
  • Blended fraud: BEC merges with invoice redirect, supply-chain compromise, and deepfake voice approvals.
  • Crypto laundering matures: Cross-chain bridges and mixers accelerate cash-out; on-chain analytics improves clawback odds.
  • Identity is the perimeter: With phishing-resistant MFA adoption still limited [STAT 15: Insert latest % adoption of phishing-resistant MFA from a reputable source], credentials remain the weakest link.

Expect more “interactive scams” that combine AI voice/video, compromised chats, and staged documents to pass quick human checks. Policy-and-process controls (out-of-band verification, dual control, least privilege) beat any single tool.

Immediate Action Steps

  • Set a universal rule: No money moves without a known-number call-back and dual approval. No exceptions.
  • Turn on phishing-resistant MFA (security keys or platform passkeys) for email, cloud admin, and finance apps.
  • Freeze your credit (consumers) and require credit checks before any new payroll/bank changes (business).
  • Audit payments from the last 90 days for vendor bank-change requests; re-verify every change.
  • Block newly registered and lookalike domains at your DNS layer; enforce DMARC.
  • Train family and staff on deepfake red flags; practice verification drills monthly.
  • Prepare an incident playbook: contacts at your bank’s fraud desk, law enforcement reporting portals (IC3, FTC), and a 72-hour comms plan.

Conclusion

Tech-enabled fraud is evolving fast, but your defenses can evolve faster. Lock in out-of-band verification for payments, adopt phishing-resistant MFA, and rehearse your playbooks so the first time you face a deepfake or BEC attempt, you already know what to do. If you found this guide useful, share it with your family and finance team—and take 15 minutes today to implement one new control before the next email, text, or call arrives.

Related Posts