$16.6 Billion Lost: Breaking Down the 2024 FBI IC3 Cybercrime Report
The 2024 FBI IC3 Report is out. And yes, BEC is still the biggest threat you’re ignoring.
$16.6 Billion Lost: Breaking Down the 2024 FBI IC3 Cybercrime Report
The 2024 FBI IC3 Report is out. And yes, BEC is still the biggest threat you’re ignoring.
Share article:
Will Looney
4 min
Education
Apr 24, 2025
Apr 24, 2025
Author's Note: This piece was co-authored by Matt O’Neill, Creator and Former Managing Director of the U.S. Secret Service’s Global Investigative Operations Center (GIOC) and the most decorated cyber-focused agent in agency history. Matt led the development of GIOC from the ground up, helping seize over $2 billion in illicit proceeds.
The FBI’s Internet Crime Complaint Center (IC3) released its 2024 report, and the story it tells is clear. Cybercrime is rising, and the losses are becoming more painful with every incident.
Victims reported $16.6 billion in total losses last year, a 33% increase over 2023. The average loss per incident jumped from $14,197 to $19,372.
It’s not just more fraud; it’s more damaging fraud. And if your business handles large transactions like estate closings, legal settlements, and financial disbursements, the risk is here and it’s growing.
Here’s what to know from the FBI’s latest analysis.
The same old play is still beating us
You might assume that such a big jump in losses is due to some sophisticated new attack method. While deepfakes, audio spoofing, and other forms of AI-enabled fraud indeed empower fraudsters, the truth is more frustrating.
The attacks that are winning aren’t new or sophisticated; they’re just effective.
According to the FBI, business email compromise (BEC) remains the second most profitable scam in cybercrime—bringing in $2.77 billion in reported losses last year alone. And that’s just the cases that made it to the IC3.
.png)
Why does BEC work so well? Because it relies on trust, routine, and just a little distraction. A spoofed email. A rushed wire. A well-timed follow-up pretending to be a client, lender, or colleague. And suddenly, six figures are gone.
BEC is the digital equivalent of someone walking in your front door because it was left unlocked. And fraudsters keep doing it because it keeps working.
For the teams that want to combat this threat, that means refocusing on the basics.
Mastering the basics, Lombardi style
There’s a lesson here that may feel oddly familiar to football fans.
Vince Lombardi, the legendary coach of the Green Bay Packers, built a dynasty not with flashy playbooks but with a single, brutally efficient run: the Packer Sweep.
The play was simple, and the execution was relentless.
Lombardi drilled it over and over until his players could run it in their sleep. Everyone knew it was coming—and they still couldn’t stop it. “We will run it, and we will run it again and again, until everybody in the stadium knows we’re going to run it—and we’ll still gain four yards,” he once said.
Business email compromise isn’t new or clever. Yet many organizations still haven’t mastered their basic plays to get yards on the fraudsters.
If cybercrime were a game, the fraudsters are currently winning. What businesses need today is a foundation built on simple, solid security in every process.
Cyber-enabled fraud: the broadening battlefield
According to the FBI, a major driver of the rise in losses was cyber-enabled fraud, which includes phishing, spoofing, tech support scams, and the aforementioned business email compromise. Think: anything that uses digital communication as the primary attack method.
Authorities found that cyber-enabled fraud:
- Accounted for 38% of all complaints submitted in 2024
- Was responsible for 83% of all losses reported to IC3
.png)
That’s more than $13.6 billion stolen through tactics that don’t rely on malware or hacking, but on social engineering and deception, often delivered through what looks like a perfectly normal email.
In other words, the damage isn’t done with sophisticated tools but with simple manipulation scaled for impact.
Recovery is possible, but don’t rely on it
Last year, the FBI made meaningful progress in recovering stolen funds through its Recovery Asset Team (RAT), which helped freeze over $561.6 million in 2024. That’s a major win, but only a fraction of the $16.6 billion lost.
And recovery isn’t guaranteed. Timing is everything. The sooner fraud is detected and reported, the better the chances of stopping a wire. But even then, international transfers and cryptocurrency scams make clawbacks incredibly difficult.
Cybercrime is a global affair
When funds are stolen in a wire fraud attack, they’re often routed to overseas bank accounts or cryptocurrency wallets, far outside the reach of U.S. financial institutions. According to the report, Hong Kong, Vietnam, and Mexico were the top destinations for these fraudulent transfers.
Many of these criminal enterprises operate like corporate structures—organized, efficient, and designed solely to extract money from victims.
.png)
You have a 24-hour recovery window
In most instances of wire fraud, victims have roughly 24 hours to successfully freeze funds before disappearing into untraceable accounts. With the speed of technology and modern payment systems, that’s increasingly being shortened to 12 hours (or less).
We launched Fraud Recovery Services to help victims and businesses navigate the confusing, time-sensitive process of trying to get their money back. From working with banks to coordinating with US Secret Service, our team has recovered millions for clients who otherwise would have had no path forward.
But we’ll be the first to say it: prevention is always better than recovery.
What you can do now
While the losses are alarming (and indeed record-breaking), you don’t need a brand-new playbook to stay safe. You need to run your basics better.
To ensure you don’t become the next victim statistic:
- Secure your communications: Don’t rely on unencrypted email for wiring instructions.
- Double-check everything: Always verify bank details, and never trust information provided in an email alone.
- Train your team and your clients: The best fraud prevention is awareness.
- Slow down, stay aware: Speed is the enemy of safety.
Businesses aren’t powerless against the rising tide of cybercrime. But we do need to stop pretending that this kind of fraud is someone else’s problem. The most damaging scams right now aren’t futuristic—they’re fundamental. And they’re banking on your inattention.
One last thought
In football, you win by executing the basics better than the other team. In fraud prevention, it’s no different. If your business handles large transactions, don’t wait for a wake-up call.
Run the play. Every time. No surprises, no shortcuts—just fundamentals done right.
Need a wire fraud prevention strategy you can actually run? Let’s talk.
Content Marketing Manager
Will is a Content Marketing Manager at CertifID. His multi-disciplinary experience as a copywriter and designer has powered growth for numerous consumer, tech, and real estate companies from the startup to enterprise level.
Author's Note: This piece was co-authored by Matt O’Neill, Creator and Former Managing Director of the U.S. Secret Service’s Global Investigative Operations Center (GIOC) and the most decorated cyber-focused agent in agency history. Matt led the development of GIOC from the ground up, helping seize over $2 billion in illicit proceeds.
The FBI’s Internet Crime Complaint Center (IC3) released its 2024 report, and the story it tells is clear. Cybercrime is rising, and the losses are becoming more painful with every incident.
Victims reported $16.6 billion in total losses last year, a 33% increase over 2023. The average loss per incident jumped from $14,197 to $19,372.
It’s not just more fraud; it’s more damaging fraud. And if your business handles large transactions like estate closings, legal settlements, and financial disbursements, the risk is here and it’s growing.
Here’s what to know from the FBI’s latest analysis.
The same old play is still beating us
You might assume that such a big jump in losses is due to some sophisticated new attack method. While deepfakes, audio spoofing, and other forms of AI-enabled fraud indeed empower fraudsters, the truth is more frustrating.
The attacks that are winning aren’t new or sophisticated; they’re just effective.
According to the FBI, business email compromise (BEC) remains the second most profitable scam in cybercrime—bringing in $2.77 billion in reported losses last year alone. And that’s just the cases that made it to the IC3.
Why does BEC work so well? Because it relies on trust, routine, and just a little distraction. A spoofed email. A rushed wire. A well-timed follow-up pretending to be a client, lender, or colleague. And suddenly, six figures are gone.
BEC is the digital equivalent of someone walking in your front door because it was left unlocked. And fraudsters keep doing it because it keeps working.
For the teams that want to combat this threat, that means refocusing on the basics.
Mastering the basics, Lombardi style
There’s a lesson here that may feel oddly familiar to football fans.
Vince Lombardi, the legendary coach of the Green Bay Packers, built a dynasty not with flashy playbooks but with a single, brutally efficient run: the Packer Sweep.
The play was simple, and the execution was relentless.
Lombardi drilled it over and over until his players could run it in their sleep. Everyone knew it was coming—and they still couldn’t stop it. “We will run it, and we will run it again and again, until everybody in the stadium knows we’re going to run it—and we’ll still gain four yards,” he once said.
Business email compromise isn’t new or clever. Yet many organizations still haven’t mastered their basic plays to get yards on the fraudsters.
If cybercrime were a game, the fraudsters are currently winning. What businesses need today is a foundation built on simple, solid security in every process.
Cyber-enabled fraud: the broadening battlefield
According to the FBI, a major driver of the rise in losses was cyber-enabled fraud, which includes phishing, spoofing, tech support scams, and the aforementioned business email compromise. Think: anything that uses digital communication as the primary attack method.
Authorities found that cyber-enabled fraud:
- Accounted for 38% of all complaints submitted in 2024
- Was responsible for 83% of all losses reported to IC3
That’s more than $13.6 billion stolen through tactics that don’t rely on malware or hacking, but on social engineering and deception, often delivered through what looks like a perfectly normal email.
In other words, the damage isn’t done with sophisticated tools but with simple manipulation scaled for impact.
Recovery is possible, but don’t rely on it
Last year, the FBI made meaningful progress in recovering stolen funds through its Recovery Asset Team (RAT), which helped freeze over $561.6 million in 2024. That’s a major win, but only a fraction of the $16.6 billion lost.
And recovery isn’t guaranteed. Timing is everything. The sooner fraud is detected and reported, the better the chances of stopping a wire. But even then, international transfers and cryptocurrency scams make clawbacks incredibly difficult.
Cybercrime is a global affair
When funds are stolen in a wire fraud attack, they’re often routed to overseas bank accounts or cryptocurrency wallets, far outside the reach of U.S. financial institutions. According to the report, Hong Kong, Vietnam, and Mexico were the top destinations for these fraudulent transfers.
Many of these criminal enterprises operate like corporate structures—organized, efficient, and designed solely to extract money from victims.
You have a 24-hour recovery window
In most instances of wire fraud, victims have roughly 24 hours to successfully freeze funds before disappearing into untraceable accounts. With the speed of technology and modern payment systems, that’s increasingly being shortened to 12 hours (or less).
We launched Fraud Recovery Services to help victims and businesses navigate the confusing, time-sensitive process of trying to get their money back. From working with banks to coordinating with US Secret Service, our team has recovered millions for clients who otherwise would have had no path forward.
But we’ll be the first to say it: prevention is always better than recovery.
What you can do now
While the losses are alarming (and indeed record-breaking), you don’t need a brand-new playbook to stay safe. You need to run your basics better.
To ensure you don’t become the next victim statistic:
- Secure your communications: Don’t rely on unencrypted email for wiring instructions.
- Double-check everything: Always verify bank details, and never trust information provided in an email alone.
- Train your team and your clients: The best fraud prevention is awareness.
- Slow down, stay aware: Speed is the enemy of safety.
Businesses aren’t powerless against the rising tide of cybercrime. But we do need to stop pretending that this kind of fraud is someone else’s problem. The most damaging scams right now aren’t futuristic—they’re fundamental. And they’re banking on your inattention.
One last thought
In football, you win by executing the basics better than the other team. In fraud prevention, it’s no different. If your business handles large transactions, don’t wait for a wake-up call.
Run the play. Every time. No surprises, no shortcuts—just fundamentals done right.
Need a wire fraud prevention strategy you can actually run? Let’s talk.
Content Marketing Manager
Will is a Content Marketing Manager at CertifID. His multi-disciplinary experience as a copywriter and designer has powered growth for numerous consumer, tech, and real estate companies from the startup to enterprise level.
Sign up for The Wire to join the conversation.
Latest articles
.png)
.png)
