Every year since 2001, the FBI’s Internet Crime Complaint Center has published an annual report on cybercrime losses in the United States. Every year for the past decade, the number has gone up. The 2025 report, released this week, contains the highest figure the agency has ever published: $20.8 billion in total reported losses, a 26% increase over 2024 and a number that would have seemed implausible five years ago.

The IC3 received more than one million complaints in 2025 — also a record. Phishing and spoofing alone accounted for nearly one-fifth of all complaints, consistent with the trend toward autonomous AI-driven phishing campaigns that researchers have been tracking through early 2026.

The Breakdown by Category

Investment fraud was the top loss category for the third consecutive year, accounting for more than $8.6 billion. Within investment fraud, cryptocurrency investment scams — primarily pig-butchering operations — drove the majority of losses at more than $7.2 billion. These schemes, which involve months-long relationship-building followed by fake trading platform fraud, have grown from a niche category into the single largest financial fraud problem in America.

Cryptocurrency-linked fraud as a whole — spanning investment scams, ransomware payments, and other crypto-denominated crimes — accounted for $11.37 billion, or more than half of all reported cybercrime losses. That figure represents a 22% increase over 2024 and reflects both the rising price of cryptocurrency assets and the expanding scale of criminal networks running pig-butchering and related operations from compounds in Southeast Asia and the Middle East.

Business email compromise (BEC) generated approximately $3 billion in losses, making it the third-largest category. BEC attacks — where criminals compromise or spoof corporate email accounts to redirect wire transfers — have remained stubbornly persistent despite years of awareness campaigns, because they exploit financial workflows rather than technical vulnerabilities.

Tech support scams exceeded $2 billion for the first time. These attacks, which primarily target older adults through fake antivirus alerts and impersonator calls, have expanded significantly due to AI-generated voice calls that pass casual scrutiny.

For the first time in its history, the FBI’s IC3 report includes a dedicated section on AI-facilitated cybercrime.

The numbers: $893 million in losses from 22,364 complaints in 2025. The FBI classified a complaint as AI-facilitated when the victim reported that artificial intelligence was used in the attack — voice cloning, deepfake imagery, AI-generated impersonation text, or automated phishing tools.

That $893 million figure almost certainly undercounts the actual scale. Most victims of AI-enabled fraud do not identify the AI component in their complaint. A grandparent who sends money after receiving a call in their grandchild’s cloned voice typically reports it as a grandparent scam, not an AI scam. The IC3 acknowledges this limitation explicitly, noting that the AI fraud category captures only complaints where victims specifically mentioned AI as a factor.

Even as a floor estimate, $893 million in a single year — from a category that barely existed three years ago — represents one of the fastest-growing fraud vectors the FBI tracks.

Who Loses the Most

Adults aged 60 and older continue to suffer the highest per-victim losses. In 2025, seniors accounted for $4.35 billion in cryptocurrency fraud losses alone — 38% of the total crypto fraud category — despite representing a much smaller share of complaint volume. When seniors are targeted, they tend to lose more, reflecting the pig-butchering model’s tendency to target people with accumulated savings.

The states with the highest total losses were California, Texas, Florida, and New York — consistent with population size. But per-capita loss rates are higher in retirement-heavy states, reflecting the demographic concentration of pig-butchering targets.

What the Million-Complaint Threshold Means

Crossing one million complaints in a single year is more than a round number. It reflects a genuine shift in the scale at which fraud is operating.

At one million complaints, the IC3 is receiving roughly 2,700 complaints per day. That is the reported figure — the agency estimates that fewer than 15% of fraud victims file a formal complaint. At that underreporting rate, the actual volume of cybercrime incidents affecting Americans in 2025 was likely in the range of seven to ten million.

The $20.8 billion in reported losses, under the same underreporting assumptions, could represent actual losses in excess of $100 billion — a number that has surfaced in multiple academic models but remains difficult to verify precisely because of the reporting gap.

Why the Numbers Keep Going Up

The IC3 data reflects a fraud ecosystem that is industrializing faster than law enforcement can dismantle it. Several structural factors drive continued growth:

Scale economics of fraud-as-a-service: Criminal platforms now rent phishing kits, victim lists, money mule networks, and call center capacity. A small criminal group can launch enterprise-scale fraud without the overhead of building infrastructure.

Southeast Asian scam compounds: Thousands of workers — many trafficked — operate fraud operations from compounds in Myanmar, Cambodia, Laos, and the Philippines. Enforcement against compounds has accelerated in 2025–2026, but the infrastructure rebuilds faster than it is dismantled.

AI-enabled automation: The shift from human-operated to AI-assisted phishing and vishing dramatically reduces the per-target cost of a fraud attempt. What previously required a trained human operator to execute can now run at machine speed.

Cryptocurrency as a settlement layer: Crypto enables rapid movement of funds across jurisdictions in ways that make recovery increasingly difficult. The 48–72 hour window during which law enforcement can freeze stolen funds has not changed; the speed at which funds move through mixing and laundering pipelines has.

The FBI’s 2025 annual report will be the reference document for fraud policy discussions through the rest of 2026. The trajectory it documents — upward, faster — is the baseline against which every enforcement action and every new fraud law will be measured.