Happy Tuesday!

We’ve recently received the latest numbers for cybercrime reported to the FBI in 2025. These numbers rise every year, with more and more of our co-workers, friends, neighbors and family members targeted. This also means enormous amounts of our money are going to international criminal syndicates all over the world.

Personally, I don’t think these criminals deserve one red cent of our money.

What can we do to turn the tide in our favor?

— Anthony Collette
Founder, Loistava Information Security

In 2025 the FBI’s Internet Crime Complaint Center (IC3) received over 1,000,000 complaints from the public about cyber-enabled crime and fraud. That’s almost 3,000 complaints per day. The dollar losses of these internet-related crimes against businesses and individuals are staggering — over $17.7 BILLION in 2025. The FBI is certain the total losses are higher, since many victims of Internet crimes don’t report their experiences. A more recent estimate puts that number much higher, with annual losses to Americans totaling a staggering $119 billion per year.

Online crimes against the public are exploding. Hackers are targeting all age groups, but the number of complaints reported to the FBI (and dollars lost) is higher for the 40+ demographic, and notably highest among those 60+. This makes sense when you consider that wealth typically concentrates among the older/elderly, they tend to be somewhat more vulnerable, and hackers prefer to target victims with lots of money.

Exactly what are these Digital Kleptos™ stealing?

Sensitive Legal Evidence and Documents — Private investigators hire mercenary hackers to steal private or attorney-client privileged information from the email inboxes of law firms. Hired hacker spies have become the secret weapon of litigants seeking an edge.

$475,000 Settlement In A Personal Injury Case — A law firm defended a restaurant in a personal injury case. They settled for $475,000. Payment details flew back and forth over email. But a hacker posed as the plaintiff's lawyer, sent fake wire instructions, and no one caught it. The law firm wired the money — straight into the hacker's account. Gone. The law firm wound up paying the $475,000 twice — a very painful (but avoidable) million dollar lesson.

Employee Salaries — Microsoft issued warnings about 'Payroll Pirates' hijacking Workday to steal employee salaries. And not just Workday, but other human resources (HR) platforms, too. These particular Digital Kleptos™ don't exploit any security flaw in the services themselves. They use trickery and a lack of multi-factor authentication (MFA) to seize control of employee accounts. Then they modify payment information to route your hard-earned salary to their own criminal accounts. In another painful example, hackers stole the salary of a Belgian member of Parliament using a simple fraudulent email.

$85,000 Stolen During A Fake Tech Support Call — A retired lawyer needed help with his iPad, and eventually tried to call tech support. But instead of dialing Microsoft to help him connect his email, the phone number he found on Google put him in touch with cybercriminals. Over the next 5 hours, Digital Kleptos™ made a wire transfer of $85,000 from Mr. Welles’ checking account. His bank declined to refund the money.

Blood Test Results — Hackers in England stole and published information about patients’ sexually transmitted infections and cancer cases. More than a year after this intimate data was splashed online, the hacked company says it’s beginning the process that will notify the individuals impacted. The damage was so severe it contributed to the death of at least one patient, which means the hackers didn’t just steal data, they stole a life.

Psychotherapy Patient Database — In 2018 a Finnish criminal hacker unlawfully accessed and copied the patient database of Psychotherapy Centre Vastaamo. Then he sent extortion demands to the clinic and directly to its patients, leaking bits of their sensitive patient information online to encourage payment of his ransom demands. Thankfully this particular Digital Klepto™ was caught, prosecuted, tried, found guilty, and sentenced to 6 years and 3 months in prison. BBC news recently published a podcast series detailing the hacking, extortion of victims, and the impact on the therapy center’s patients.

Mountains of Patient Medical Records — Healthcare software giant Epic Systems sued several companies, accusing them of stealing more than 300,000 patient medical records then selling them to attorneys looking for clients. The stolen medical records include patient names, diagnoses, lab testing, medications and more, according to Epic, and it was accessed and sold without patient knowledge or consent. Epic accused the companies of violating the federal Health Insurance Portability and Accountability Act, better known as HIPAA, which governs the privacy of patient medical information.

Multiple Luxury Hotel Stays — A 20-year-old hacker from Spain used a cyber attack to alter the payment system of an upscale hotel, staying several times, which cost the business more than $23,608 in losses. He also raided the mini-bars and didn't settle some of those tabs, either. Police eventually arrested him during a 4-night reservation for a room costing $1,179/night. He hacked the payment system to charge only $.01/night. Now he may be facing a free stay at a mini-bar free, unluxurious facility for his alleged crimes. A penny for your thoughts?

$255,000 Down Payment For A New Home — After months of house-hunting, Reagan Bartlo and her husband finally found their dream home. A few days before closing, Reagan received an email she thought was from her title company. The email provided instructions on how to wire the money for closing. She wired the $255,000 down payment per the email’s instructions. But on closing day she discovered that the email wasn’t from her title company, but from a hacker, who had stolen the entire down payment. "At that point, my whole world fell apart because I had already wired all of the down payment money for our house. And so our nest egg, our savings, everything at that moment was gone."

Parking Meter Payments — A city in England found that every one of their 370 parking ticket machines had been targeted with malignant QR Codes. Investigators found that more than 400 car parks were affected by the scams, and over 20 hospitals had their parking lots targeted. Those British Digital Kleptos™ on the other side of the pond have been busy! They placed fraudulent stickers on parking meters, offering what seemed like a quick and easy way to pay. But once scanned, the fake QR Codes directed people to websites that enabled the hackers to steal funds and gather banking details. Victims of these QR Code scams initially lose between £40 - £406 each. Victims are also unknowingly signed up to bogus subscriptions that repeatedly take money from their accounts. Turns out this epidemic of QR Code scams in the UK is part of an international fraud network centering around a business in Dubai. Police forces across Europe and the UK searched locations around the world and arrested 18 people in a massive operation against these scam networks.

Sports Betting Account Takeovers — As of 2025, 38 U.S. states and Washington, D.C., have authorized sports betting in at least one form – either through online platforms, at retail sportsbooks, or both. Worldwide, consumers are projected to spend USD 90 billion by 2032. All of that cash sitting in online sports betting accounts is a very juicy target for Digital Kleptos™ all over the world. And these online betting accounts are typically tied to banking accounts used by consumers to transfer funds in or out. Hackers are taking over these sports betting accounts, locking the rightful owners out, stealing funds, and leaving a shocking and painful $0 balance when they’re done.

Social Security Benefits — Hackers change direct deposit settings in Social Security accounts, which redirects the recipient’s benefits to a criminal’s bank account. Mark Huffman received a letter informing him that the bank account change he requested had been completed. But he never requested one. Fortunately this story had a positive resolution, and the hackers didn’t get any of Mark’s benefits. When this happened to Marge Birenbaum, a local Social Security representative said this type of Internet hacking happens all the time.

Entire Truckloads Of Electronics, Beverages And Other Goods — There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens. Cybercriminals are attacking trucking, freight, and logistics companies, impersonating brands and even diverting real cargo shipments to unapproved locations so that the stolen goods can be sold or shipped elsewhere for profit. In this “marriage of cybercrime and organized crime,” often the Digital Kleptos™ go after 18-wheelers loaded with food, beverages, $400,000 worth of lobster headed to Costco, or a million dollars worth of vapes. Energy drinks are often stolen and shipped overseas because some of them are banned or restricted outside the U.S. Often these hackers succeed because trucking company employees saved their passwords in their browser. Two tractor-trailers picked up 80,000 pounds of beef, valued at $350,000, from a slaughterhouse in northeastern Tennessee, and then vanished. In December 2025, there were thefts of beef in Texas (valued at $161,000), chocolate in New Jersey ($150,000) and blueberries and kiwis, also in New Jersey ($160,000).

Alaska Airlines Frequent Flyer Miles — Hackers gained access to multiple customer accounts, then canceled their booked flights and stole their frequent flyer miles. Hackers likely resold the stolen miles to someone else on a third party site. One of the targets of this attack, Julie Horgan, is now sharing her story as a warning to other frequent flyers. “People need to know this so they can protect themselves and protect their miles,” she said. “I wish I would’ve known. I wish I could’ve been proactive — change my PIN, change my email … just be more aware of this stuff.”

Payments For Cars — A Pennsylvania couple sent $45,000 to a car dealership while purchasing a Lexus SUV. But the SUV never arrived. A cyber hacker created a convincing imitation auto dealership website and then cloned legitimate CARFAX listings from other reputable auto dealers. Another victim lost $18,000 trying to buy the exact same Lexus that he found advertised on a different fraudulent website.

Pharmacist Stealing Passwords — For 10 years, a trusted hospital pharmacist allegedly stole coworkers’ passwords, including for bank accounts, home surveillance systems, emails, dating apps and other accounts. He downloaded private photographs, videos and personal information, and even remotely activated webcams in exam rooms for telehealth sessions.

Emptying Bank Accounts — Cathy, a 70-year-old retiree, answered a call from an unknown number. On the other end of the line was a man who tricked her into allowing him to drain her bank account. Another hacker group bought fraudulent ads on major search engines designed to look like legitimate links from well-known banks. Users who clicked on the ads believed they were being directed to their bank’s website but were instead routed to counterfeit pages controlled by the criminals. In 2025, the FBI’s Internet Crime Complaint Center has received more than 5,100 complaints tied to such schemes, with reported losses exceeding $262 million. Hackers have even figured out a way to automate stealing bank account balances with no interaction from the account owner. More often than not, consumers don’t get their stolen money returned.

Credit Card Accounts — After gaining control of her phone, hackers ripped off Avery Hartmans for $10,000. Even worse, her credit card company didn’t believe the charges were fraudulent. Three weeks shy of her wedding, she was saddled with $9,778.24 in debt. Last year, 62 million Americans had fraudulent charges on their credit or debit cards, and 92% of unauthorized transactions involve credit cards that weren’t lost or physically stolen. Last year’s total: $6.2 billion.

Cryptocurrency Accounts — Hackers create convincing imitation websites to steal private keys and seed phrases, or employ SIM-swapping techniques by taking control of victims’ phone numbers. Once cryptocurrency assets are transferred out of a victim’s account, they’re gone permanently. Cryptocurrency hacking has even moved offline into the physical world, with kidnapping attempts in broad daylight and night-time home invasions at gunpoint.

Cybercrime against the public continues to rise

Cryptocurrency investment scams were the highest single source of financial fraud, accounting for $7.2 billion in losses to victims alone. Cryptocurrency scams often promise a high return on investments, but the victim sees nothing of the sort: instead, the fraudsters disappear with the stolen cryptocurrency.

Business Email Compromise (BEC) fraud is listed as the second most financially costly cybercrime during 2025, accounting for over $3 billion in losses.

Fake tech or customer support scams cost victims over $2 billion during the period, making it the third largest form of internet fraud.

AI-enabled fraud cost victims a combined total of nearly $893 million in 2025, with the FBI receiving 22,364 complaints related to artificial intelligence.

AI is increasingly used to commit cyber fraud

Danny Palmer, Deputy Editor of Infosecurity Magazine, quoted the latest FBI report:

“AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make, which allows criminal actors to potentially conduct successful fraud schemes against individuals, businesses and financial institutions.”

Danny continued with this summary:
AI-generated content has been used in phishing emails as well as full-fledged audio and video deepfakes, all of which fraudsters can abuse to trick victims into transferring money. This can range from romance scams to the use of entirely fake online personas which are exploited to apply for and get hired to remote jobs, with that access then used to defraud the company.

The increasing volume of cybercrimes against the public makes me ask . . . what can we do to keep our money in our own accounts, and out of the pockets of these international criminals?

“What’s the best cybersecurity advice I can follow today?”

It’s less complicated than you might think, since mastering The Basics can go a long way toward keeping you safe online. They are:

Know The Basics — Understand how the world has changed, and what you can do about it.
Modern Passwords — Create and use strong, unique, Modern Passwords for each online account.
Password Manager — Use a high-quality Password Manager to create, remember and type the passwords for your online accounts.
Diceware Passphrase — Craft and use a Diceware Passphrase to lock down your Password Manager.
Multi-factor Authentication (MFA) — Implement MFA for each online account that offers it.

There are no guarantees in life. But fortunately, these 5 foundational building blocks are proven to work extremely well. You can massively stack the deck in your favor by intelligently adding each one to your online experience.

This advice comes straight from The Electronic Frontier Foundation (EFF), so you know it’s reliable.

Join us

Weekly resources to help keep you safer online — protecting you from hackers, online scammers, and other Digital Kleptomaniacs™.

No spam. No selling your email. Just factual, actionable information once a week, from people who truly care about online security. You can unsubscribe any time — but we hope you’ll want to stay with us on this journey.

Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.

Looking forward to connecting again next week.

— Anthony Collette
