Imposters Scams Caused $3.5B in Losses in 2025

Data from the Untied States Federal Trade Commission (FTC) reveals Americans lost $3.5 billion to imposter scams in 2025. Since 2020, reported loses have tripled.
- $1 billion was lost to business impersonators
- $920 million was lost to government impersonators
- $2.1 billion was lost to scams on social platforms
Security Leaders Weigh In
Patrick Harr, Chief Executive Officer at DataVisor:
FTC’s latest numbers show that imposter scams are evolving from mass outreach into highly personalized financial crime. Fraudsters now have cheaper and better AI tools to create convincing messages, fake websites, cloned voices, and even deepfakes that make victims believe they are dealing with a trusted institution or person. That is especially dangerous in payments, because once a consumer is manipulated into authorizing the transfer, the transaction can look legitimate on the surface. Financial institutions need to look beyond static transaction rules and get better at detecting the warning signs earlier in the journey — suspicious behavior, recipient risk, mule-account linkages, and signals that a customer is being coached in real time.
Darren Guccione, CEO and Co-Founder at Keeper Security:
The FTC’s findings that Americans lost $3.5 billion to imposter scams last year, nearly triple the figure from 2020, are striking. The more instructive detail, however, is where those losses originated. Over $2.1 billion was traced back to social media platforms, and nearly one in three victims were first contacted through social channels. While it would be easy to view this as a consumer education problem, the reality is that this is an identity verification problem at an infrastructural scale.
What makes impersonation attacks so effective is the authenticity of the interaction. AI-generated voice, realistic messaging and convincing account impersonation have dramatically lowered the barrier to entry for fraudsters. The erosion of trust affects organizations as much as individuals. Business impersonation accounted for close to $1 billion in losses alone.
Recent research revealed that 41% of IT leaders highlighted deepfakes as the top identity-based threat. Our research also shows that AI-driven social engineering is now among the top concerns for security leaders globally, cited by 35% of respondents. It underlines how identity has become the high-value attack surface and how impersonation has emerged as the preferred vector.
Defense cannot rely on awareness alone. Phishing-resistant authentication, strong credential governance and real-time monitoring for identity-based anomalies are now the foundational controls that make impersonation attacks substantially harder to execute successfully. The scale of the losses reported by the FTC reflects what happens when those controls are absent or inconsistently applied.
Jason Soroko, Senior Fellow at Sectigo:
The 2025 FTC data reveals a shift in cybercrime. Impersonation has emerged as the preferred vector for attackers. Americans lost $3.5 billion to imposter scams in 2025, which represents a threefold increase since 2020. Fraudsters utilize texts, emails and phone calls to reach targets. The schemes with the highest losses involve bank impersonators who prompt victims to transfer funds to secure their accounts. Business and government impersonators accounted for nearly $2 billion in losses, contributing to $16 billion in overall fraud.
These figures underline how identity has become the high-value attack surface. Attackers bypass security perimeters by manipulating trust. Social platforms serve as a distribution channel for these operations. Victims reported $2.1 billion in losses originating from social media, an eightfold increase over five years. Facebook, WhatsApp, and Instagram facilitated a majority of these interactions. By exploiting authority, criminals access funds without breaching infrastructure.
Mika Aalto, Co-Founder and Chief Executive Officer at Hoxhunt
Impersonation scams are not new, but every year these attacks seem to undergo a metamorphosis that makes them harder to detect and resist, courtesy of rapidly evolving technological capabilities. Attackers can now combine AI-generated content, QR codes, social media impersonation, voice cloning, and even video deepfakes to create experiences that feel authentic across multiple channels and touch points in a complex attack chain. The technological barrier to executing these scams gets lower by the minute. Cyber-crime, unfortunately, is a growth industry.
The challenge is that we’re entering an era where people can no longer rely on their eyes and ears alone to verify identity. A message may appear to come from a trusted brand, a phone call may sound like a legitimate authority, and a video meeting may appear to include a real person. At the same time, attackers are getting better at using social media to build credibility and establish relationships before attempting fraud.
Criminals are still exploiting trust, authority, urgency and opportunity. What’s changing is their ability to deliver convincing impersonations at scale and across multiple touchpoints. That combination is making impersonation scams more believable, more personalized, and ultimately more successful than we’ve seen in the past.
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!








