Hey lil Fishies 🐟
If 2025 felt like every day was scam season, you’re not imagining it.
New data from the Federal Trade Commission (FTC) shows U.S. consumers reported losing more than $12.5 billion to fraud in 2024, a 25% jump from 2023. Although the overall number of reports didn’t increase very much, the amount of people who reported actually losing money to the scam increased by over 10%.
Early 2025 reports are pointing to the same ugly pattern: fewer people think they’re falling for scams, but the average dollar loss is heading up, not down.
This isn’t just something that happens to “other people” – Small and mid-sized businesses (SMBs) are getting hit too, and it’s their employees taking the bait!
At Fisher’s Technology, our IT team is very familiar at fighting these type of scams while helping businesses across Idaho, Montana, Washington, and Utah lock down their networks and keep staff trained up.
So let’s break down 2025’s Scam MVPs (Most Vicious Phish) that contributed to this data, highlight the good news from the year, and review what you can do in 2026 to keep playing hard-to-phish!
Most Vicious Phish: Investment & Crypto Scams
If scammers had a favorite lure this year, it was “guaranteed growth.”
The FTC’s 2024 data shows that investment scams caused about $5.7–$5.8 billion in reported losses, more than any other category, and that curve is still climbing into 2025.
According to a 2025 analysis from The Motley Fool, the U.S. is on track to surpass those investment scam numbers:
- A record 118,000+ investment scams were reported in 2024.
- Through the first half of 2025, scammers had already collected about $939 million in cryptocurrency, up from $667 million in the first half of 2024.
Other research notes that fraudulent crypto investment schemes alone drove around $5.9 billion in losses in 2024, and that many of these schemes unfortunately targeted older investors.
What this looked like in 2025
- Fake “AI trading bots” that promise steady daily or weekly returns
- Long-term “pig-butchering” scams combining online romance + investing
- Fake platforms with slick dashboards that show “profits” that never actually exist
- Social media “experts” or new “friends” pushing special insider opportunities
If someone guarantees you high returns with no real risk, that’s not a strategy – it’s a scam dressed like a suit.
Business angle: why SMBs should care
These scams don’t always stop at personal bank accounts:
- Employees are being nudged to use corporate cards or business accounts to fund “short-term investments” or vendor “crypto discounts.”
- Fraudsters sometimes position these as “strategic investments” or “treasury opportunities,” especially in smaller organizations where one person wears a lot of hats.
How to avoid the hook in 2026
- Treat guaranteed or above-market returns as an automatic red flag.
- Verify advisors and offers through official regulator sites and your own bank or CPA – never through a link in a DM!
- As a business, require a second human check (and written policy) for any new investment platform or large transfer.
Scam Trend #2: Imposter & Phishing Scams – Cosplay for Criminals
Runner-up for Scam MVP: impersonation scams (the criminal version of cosplay) and old-school phishing – now with a 2025 AI glow-up.
The Identity Theft Resource Center reports:
- Impersonation scams jumped 148% from 2023 to 2024.
- Impersonation scams are now the top reported scam type in their victim data.
- Most involve criminals posing as a business (51%) or a financial institution (21%).
The FTC’s fraud numbers show business and government impostor scams accounted for nearly $3 billion in losses in 2024 – and regulators responded with a new Government and Business Impersonation Rule, enforced through 2025.
What this looked like in 2025
For individuals:
- Fake IRS, Social Security, or police calls demanding immediate payment or personal info
- “This is your bank…” texts with login links
- Delivery scams and QR codes leading to fake sign-in pages
For businesses:
- “From the CEO” emails asking accounting to wire funds ASAP
- “Updated vendor banking details” with a new routing number controlled by criminals
- Fake Microsoft 365 / VPN / payroll login pages capturing credentials
The FBI continues to describe Business Email Compromise (BEC) as one of the most financially damaging online crimes, with cumulative BEC losses over the last three years nearing $8.5 billion according to an April 2025 Nacha analysis of FBI data.
AI makes it worse
The Interstate Technology & Regulatory Council (ITRC) and security outlets note that AI tools now help criminals:
- Clone writing style from previous real emails
- Generate perfect grammar and jargon for your industry
- Scale phishing and impersonation attacks across multiple channels
So that sketchy email from “your CEO” doesn’t look all that sketchy anymore – BE CAREFUL!!
Scam Trend #3: AI-Powered Account Takeovers & Invoice Fraud – Rookie of the Year!
If 2024 was the year AI joined the scam game, 2025 is the year it went pro.
In late 2025, the FBI reported that account takeover (ATO) scams in the U.S. had already caused more than $262 million in losses in 2025, across 5,100+ complaints. Criminals used phishing messages, fake sites, and social engineering calls to trick people into sharing passwords and MFA codes, then drained bank, payroll, and savings accounts.
At the same time, Business Email Compromise (BEC) 3.0 has become a thing:
- Nacha highlights that BEC remains a pervasive threat with staggering cumulative losses.
- Security researchers describe “BEC 3.0” as AI-powered fraud where attackers use generative models to craft flawless, context-rich emails, and even deepfake voice calls from people in high-power positions, like “the CFO.”
- Mimecast threat research shows AI-generated invoice fraud campaigns that build fake replies into existing threads, complete with matching signatures and realistic attachments.
What this looked like for SMBs in 2025
- Accounting receives an email in an existing thread (Ex – “See updated invoice attached”), where only the pay-to details have been changed.
- Staff get realistic login prompts and MFA fatigue attacks that steal access to payroll systems.
- Executive assistants receive calls that sound exactly like their boss, “authorizing” urgent payments.
At Fisher’s, these are the scenarios we’re now hardening clients against: email security, MFA, backups, and user training are no longer “nice to haves” – they’re security necessities.
The Good News from 2025: The Ones That Got Away
It’s not all doom and gloom, 2025 brought wins for the good guys too!
1. Regulators took big swings at robocalls and impersonation
- The FTC’s Government and Business Impersonation Rule led to enforcement actions and the takedown of multiple fake government and business sites in 2025, aiming to reduce losses from impersonation scams.
- The FCC removed 1,200+ non-compliant voice service providers from its Robocall Mitigation Database in August 2025, effectively cutting them off from the U.S. phone network for failing to meet anti-robocall requirements.
- Robocall-focused reports show high STIR/SHAKEN adoption among major carriers and a slight decline in signed scam robocalls, making some older spoofing tricks less effective on top-tier networks.
2. Visa (and others) started actively “scam hunting”
In 2025, Visa launched a dedicated “Scam Disruption” team focused on proactively finding and taking down scam operations. In 2024 alone, that team reportedly helped stop more than $350 million in attempted fraud and dismantled around 12,000 scam merchant sites, and they’re expanding that work with AI and automation.
That’s a lot of fish wriggling off the hook before they ever reach consumers.
3. AI is helping defenders too, not just attackers
According to Feedzai’s 2025 AI Trends in Fraud and Financial Crime Prevention report, about 90% of financial institutions are now using AI to fight fraud, and more than half say AI is involved in most fraud attempts they see – but now it’s being utilized on both sides of the fight.
Banks and credit unions are deploying models to:
- Spot weird transaction patterns in real time
- Flag deepfake-driven account takeovers
- Block suspicious payments before the money leaves
In short: While scammers are improving their tactics, the good guys are beefing up their arsenals & getting better at fighting back!
What You Can Do in 2026: Don’t Take the Bait
Here’s your Scam Season Survival Kit for 2026, for both individuals and SMBs.
For individuals
- Slow down when money or feelings are involved.
- Urgency + emotion (panic, romance, fear) = RED FLAG!
- Verify on a second channel.
- Don’t trust caller ID or a single message.
- If “your bank” calls, hang up and call the number on the back of your card.
- If a loved one calls with an emergency, hang up and call them or a trusted contact back directly.
- If you don’t have one already, take time this holiday season to set a secret passcode with your loved ones to know when they’re on the other line!
- Treat MFA codes like passwords.
Never read a one-time code to anyone – even if they claim to be the bank or IT. - Type URLs yourself.
Skip links in texts, emails, and social posts; go look them up or visit the official website or app directly. - Assume AI is in the mix.
If a message, voice, or video feels “off,” treat it like a deepfake until you can prove it’s real.
For small & mid-sized businesses
This is where Fisher’s lives every day, so we’ll keep it practical:
- Require MFA – Everywhere. Period.
- On email, remote access, financial apps, HR platforms, and cloud tools. Prefer app-based prompts or security keys over SMS.
- Train your team quarterly.
- Short, realistic sessions on phishing, impersonation, AI voice/video scams, and invoice fraud. Use real-life examples, not just generic posters.
- Lock down money movement.
- Set written policies so staff feel empowered to question “urgent” requests, even from executives.
- Avoid using personal devices for work logins whenever you can.
- Managed devices (or at least managed profiles) make it much easier to enforce security, apply patches, and monitor for threats.
- Backup like your business depends on it (because it does).
- Testable backups, business continuity plans, and clear incident response steps help turn “disaster” into “bad day that we recovered from.”
- Work with an IT partner who thinks security-first.
- Managed IT providers like Fisher’s Technology bake in security – MFA, backups, monitoring, and user training—across the Northwest so SMBs don’t have to DIY their defenses.
Final Thoughts: Say See Ya’ to Scams in 2026!
Scammers are always going to cast their lines where the fish are biting – text messages, email, social media, and now AI-powered voices and videos.
2025’s data shows that:
- Investment & crypto scams are still the biggest-dollar threat.
- Impersonation & phishing scams are the most common and increasingly AI-boosted.
- AI-powered account takeovers and invoice fraud are the fastest-rising risk for businesses.
But it also shows that regulators, banks, and security teams are fighting back – and winning some important battles!
If you Slow down, verify on a second channel, and build some basic security habits at home and at work, you’ll make for a much tougher catch in 2026!
If you’re an SMB leader in Idaho, Montana, Washington, or Utah who wants help putting the right guardrails in place – MFA, backups, monitoring, and training – our Fisher’s IT team is always just one click (or call) away!
Until then, here’s to a scam-free new year—and to keeping all your fishing firmly in the “weekend hobby” category, not your bank account. 🎣