Digital Kleptos Are Actively Stealing Our Accounts, Our Money — And Our Peace of Mind

In 2024 the FBI’s Internet Crime Complaint Center (IC3) received 859,532 complaints from the public about cyber-enabled crime and fraud. That’s more than 2,000 complaints per day. The dollar losses of these internet-related crimes against businesses and individuals is staggering — over $16 BILLION in 2024, up more than 33% from the previous year. The FBI is certain the total losses are higher, since many victims of Internet crimes don’t report their experiences.

Online crimes against the public are exploding. Hackers are targeting all age groups, but the largest number of complaints reported to the FBI (and dollars lost) is higher for the 40+ demographic, and notably highest among those 60+. This makes sense when you consider that wealth typically concentrates among the older/elderly, they tend to be somewhat more vulnerable, and hackers prefer to target victims with lots of money.

Exactly what are these Digital Kleptos™ stealing?

Concert Tickets — In 2024 Hackers Made $600,000 Selling Stolen Taylor Swift Concert Tickets

Sensitive Legal Evidence and Documents — Private investigators hire mercenary hackers to steal private or attorney-client privileged information from the email inboxes of lawfirms. Hired hacker spies have become the secret weapon of litigants seeking an edge.

$475,000 Settlement In A Personal Injury Case — A law firm defended a restaurant in a personal injury case. They settled for $475,000. Payment details flew back and forth over email. But a hacker posed as the plaintiff's lawyer, sent fake wire instructions, and no one caught it. The law firm wired the money — straight into the hacker's account. Gone. The law firm wound up paying the $475,000 twice — a very painful (but avoidable) million dollar lesson.

Employee Salaries — Microsoft issued warnings about 'Payroll Pirates' hijacking Workday to steal employee salaries. And not just Workday, but other human resources (HR) platforms, too. These particular Digital Kleptos™ don't exploit any security flaw in the services themselves. They use trickery and a lack of multi-factor authentication (MFA) to seize control of employee accounts. Then they modify payment information to route your hard-earned salary to their own criminal accounts. In another painful example, hackers stole the salary of a Belgian member of Parliament using a simple fraudulent email.

$85,000 Stolen During A Fake Tech Support Call — A retired lawyer needed help with his iPad, and eventually tried to call tech support. But instead of dialing Microsoft to help him connect his email, the phone number he found on Google put him in touch with cybercriminals. Over the next 5 hours, Digital Kleptos™ made a wire transfer of $85,000 from Mr. Welles’ checking account. His bank declined to refund the money.

Blood Test Results — Hackers in England stole and published information about patients’ sexually transmitted infections and cancer cases. More than a year after this intimate data was splashed online, the hacked company says it’s beginning the process that will notify the individuals impacted. The damage was so severe it contributed to the death of at least one patient, which means the hackers didn’t just steal data, they stole a life.

Psychotherapy Patient Database — In 2018 a Finnish criminal hacker unlawfully accessed and copied the patient database of Psychotherapy Centre Vastaamo. Then he sent extortion demands to the clinic and directly to its patients, leaking bits of their sensitive patient information online to encourage payment of his ransom demands. Thankfully this particular Digital Klepto™ was caught, prosecuted, tried, found guilty, and sentenced to 6 years and 3 months in prison. 

$255,000 Down Payment For A New Home — After months of house-hunting, Reagan Bartlo and her husband finally founeir dream home. A few days before closing, Reagan received an email she thought was from her title company. The email provided instructions on how to wire the money for closing. She wired the $255,000 down payment per the email’s instructions. But on closing day she discovered that the email wasn’t from her title company, but from a hacker, who had stolen the entire down payment. "At that point, my whole world fell apart because I had already wired all of the down payment money for our house. And so our nest egg, our savings, everything at that moment was gone."

Sports Betting Account Takeovers — As of 2025, 38 U.S. states and Washington, D.C., have authorized sports betting in at least one form – either through online platforms, at retail sportsbooks, or both. Worldwide, consumers are projected to spend USD 90 billion by 2032. All of that cash sitting in online sports betting accounts is a very juicy target for Digital Kleptos™ all over the World. And these online betting accounts are typically tied to banking accounts used by consumers to transfer funds in or out.  Hackers are taking over these sports betting accounts, locking the rightful owners out, stealing funds, and leaving a shocking and painful $0 balance when they’re done.

Social Security Benefits — Hackers change direct deposit settings in Social Security accounts, which redirects the recipient’s benefits to a criminal’s bank account. Mark Huffman received a letter informing him that the bank account change he requested had been completed. But he never requested one. Fortunately this story had a positive resolution, and the hackers didn’t get any of Mark’s benefits. When this happened to Marge Birenbaum, a local Social Security representative said this type of Internet hacking happens “all the time.” 

Entire Truckloads Of Electronics, Beverages And Other Goods — There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens. Cybercriminals are attacking trucking, freight, and logistics companies, impersonating brands and even diverting real cargo shipments to unapproved locations so that the stolen goods can be sold or shipped elsewhere for profit. In this “marriage of cybercrime and organized crime,” often the Digital Kleptos™ go after 18-wheelers loaded with food, beverages or a million dollars worth of vapes. Energy drinks are often stolen and shipped overseas because some of them are banned or restricted outside the U.S. Often these hackers succeed because trucking company employees saved their passwords in their browser.

Alaska Airlines Frequent Flyer Miles — Hackers gained access to multiple customer accounts, then canceled their booked flights and stole their frequent flyer miles. Hackers likely resold the stolen miles to someone else on a third party site. One of the targets of this attack, Julie Horgan, is now sharing her story as a warning to other frequent flyers. “People need to know this so they can protect themselves and protect their miles,” she said. “I wish I would’ve known. I wish I could’ve been proactive — change my PIN, change my email … just be more aware of this stuff.”

Payments For Cars — A Pennsylvania couple sent $45,000 to a car dealership while purchasing a Lexus SUV. But the SUV never arrived. A cyber hacker created a convincing imitation auto dealership website and then cloned legitimate CARFAX listings from other reputable auto dealers. Another victim lost $18,000 trying to buy the exact same Lexus hat he found advertised on a different fraudulent website.

Pharmacist Stealing Passwords — For 10 years, a trusted hospital pharmacist allegedly stole coworkers’ passwords, including for bank accounts, home surveillance systems, emails, dating apps and other accounts. He downloaded private photographs, videos and personal information, and even remotely activated webcams in exam rooms for telehealth sessions.

Emptying Bank Accounts — Cathy, a 70-year-old retiree, answered a call from an unknown number. On the other end of the line was a man who tricked her into allowing him to drain her bank account. Another hacker group bought fraudulent ads on major search engines designed to look like legitimate links from well-known banks. Users who clicked on the ads believed they were being directed to their bank’s website but were instead routed to counterfeit pages controlled by the criminals. In 2025, the FBI’s Internet Crime Complaint Center has received more than 5,100 complaints tied to such schemes, with reported losses exceeding $262 million. Hackers have even figured out a way to automate stealing bank account balances with no interaction from the account owner. More often than not, consumers don’t get their stolen money returned.

Credit Card Accounts — After gaining control of her phone, hackers ripped off Avery Hartmans for $10,000. Even worse, her credit card company didn’t believe the charges were fraudulent. Three weeks shy of her wedding, she was saddled with $9,778.24 in debt. Last year, 62 million Americans had fraudulent charges on their credit or debit cards, and 92% of unauthorized transactions involve credit cards that weren’t lost or physically stolen. Last year’s total: $6.2 billion.

Cryptocurrency Accounts — Hackers create convincing imitation websites to steal private keys and seed phrases, or employ SIM-swapping techniques by taking control of victims’ phone numbers. Once cryptocurrency assets are transferred out of a victim’s account, they’re gone permanently. Cryptocurrency hacking has even moved offline into the physical world, with kidnapping attempts in broad daylight and night-time home invasions at gunpoint.

What Can We Do About This Explosion In Online Theft?

How do we beat these Digital Kleptomaniacs™ at their own game?

Become aware of The Basics.

We’re now living a huge portion of our modern lives online. Hackers and scammers are targeting all age groups and demographics. No cavalry is triumphantly galloping over the hill to save us, so it’s up to us to do what we can to make ourselves safer online.

Thankfully staying safe online doesn’t have to be hard or complicated. First, we can forget about old, outdated cybersecurity advice. Then, one by one, each of us can master The Basics:

✔ Know The Basics — Understand how the world has changed, and what you can do about it.

✔ Modern Passwords — Create and use strong, unique, Modern Passwords for each online account.

✔ Password Manager — Use a high-quality Password Manager to create, remember and type the passwords for your online accounts.

✔ Diceware Passphrase — Craft and use a Diceware Passphrase to lock down your Password Manager.

✔ Multi-factor Authentication (MFA) — Implement MFA for each online account that offers it.

There are no guarantees in life. But fortunately, these 5 foundational building blocks are proven to work extremely well. You can massively stack the deck in your favor by intelligently adding each one to your online experience.

This adventure in online security doesn’t have to be hard or overwhelming. And you don’t need to do it all at once — brick by brick, layer by layer, add each one of The Basics to your day-to-day online life.

Then pop a cork! You deserve to celebrate what you’ve accomplished!

Join us on this adventure

Much about the online world is outside our sphere of control. But there are ways to stack the deck in our favor. Consumers have been using the Internet since the 1990s, and now we know from painful experience what can go wrong, and what to do about it

We need to tell cybersecurity stories more persuasively to a much wider audience.

Every Tuesday, The Digital Kleptos™ newsletter provides you with:

• Up-to-date information about what can go wrong when using the Internet.

• Useful, actionable advice you can use to keep yourself and your family safer online.

• Thoughtful cybersecurity analysis — sometimes from a very different point of view.

• Impactful cybersecurity stories that appeared in mainstream media, perfect for persuasively engaging non-technical staff, family or friends.

• If you’re a cyber newbie, you’ll benefit from bite-sized, easily digestible advice.

• If you’re a cyber pro, you’ll find different ways to describe cyber issues using words, phrases and images more likely to resonate with typical consumers. This will help build a bridge between the technical folks and the rest of us.

Join us

Weekly resources to help keep you safer online — protecting you from hackers, online scammers, and other Digital Kleptomaniacs™.

No spam. No selling your email. Just factual, actionable information once a week, from people who truly care about online security.  You can unsubscribe any time — but we hope you’ll want to stay with us on this journey.

Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.

Looking forward to connecting again next week.

— Anthony Collette

Digital Kleptos™