Losses resulting from cyber-enabled crimes went up 26% year-over-year in 2025, narrowly missing the $21 billion mark, according to the latest annual report from the FBI’s Internet Crime Complaint Center (IC3).
Last year, the FBI received 1,008,597 complaints reporting $20.877 billion in losses, up from 860,000 complaints and $16.6 billion in losses reported in 2024.
According to the FBI’s report (PDF), nearly one-fifth of the complaints reported phishing/spoofing crimes, with extortion and investment crimes rounding up the top three.
When it comes to reported losses, investment crimes took the lead with over $8.6 billion, followed by business email compromise (BEC) at $3 billion, and tech support scams at $2.1 billion. Just over $122 million was reported in losses to extortion crimes.
The FBI says cryptocurrency investment fraud was the most lucrative type of crime last year, causing over $7.2 billion in reported losses.
Victims are typically approached through texts, social media, ads, or dating apps, are introduced to investment groups claiming to offer guidance, and are enticed to send assets to fake investment scam platforms or apps.
“Eventually, when the victims try to withdraw their money, they will be charged taxes and fees as a final attempt to exploit money from the victims before the scammers disappear with all the victims’ funds. Victims are also targeted in recovery scams, claiming to help recover lost funds,” the IC3 report reads.
The FBI received over 5.2 million complaints of malicious activity over the past six years, with the total reported losses exceeding $70 billion.
The IC3 report also draws attention to cyber threats such as network hijacking, crypto thefts, and corporate espionage, many of which are mounted by state-sponsored threat actors.
In 2025, the FBI says, it received numerous complaints regarding data breaches, and botnet, malware, ransomware, and SIM swap attacks.
Reported losses to ransomware exceeded $32 million in 2025, with Akira, Qilin, INC./Lynx/Sinobi, BianLian, Play, Ransomhub, Lockbit, Dragonforce, Safepay, and Medusa being the top ten variants to hit critical manufacturing, healthcare and public health, and government entities.
Related: FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
Related: Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI
Related: Ransomware Losses Climb as AI Pushes Phishing to New Heights
Related: The New Rules of Engagement: Matching Agentic Attack Speed
