The Federal Bureau of Investigation (FBI) has released its annual Internet Crime Report, revealing a staggering new milestone: Americans lost nearly $21 billion to cyber-enabled crimes in 2024. This figure represents a dramatic 26% increase from the $16.6 billion reported in 2023, continuing a troubling year-over-year trend of escalating financial damage. The report, compiled from data submitted to the FBI's Internet Crime Complaint Center (IC3), also noted a significant rise in the volume of complaints, which surpassed one million for the first time, up from 859,000 the previous year. This surge underscores the relentless and evolving threat landscape facing individuals and businesses.
The financial devastation was driven by a combination of high-volume and high-impact scams. Investment fraud emerged as the most prevalent scam type, accounting for 49% of all scam-related incidents and resulting in $8.6 billion in losses. However, the single most costly category was cybercrime targeting cryptocurrency, which exceeded $11 billion in losses across more than 181,000 cases. Other major contributors to the record total included Business Email Compromise (BEC), tech support fraud, and data breaches. In terms of complaint frequency, phishing led the list with over 191,000 reports, followed by extortion (89,000) and the aforementioned investment scams (72,000).
While less frequent, several sophisticated and damaging attack vectors continued to pose severe threats. The IC3 received over 24,700 complaints related to Business Email Compromise, 3,900 for data breaches, and 3,600 for ransomware attacks. A notable 971 complaints were filed for SIM-swapping attacks, a technique used to hijack mobile accounts and bypass two-factor authentication. The report's context is amplified by recent cybersecurity headlines, including the exploitation of a new FortiClient EMS flaw, a massive surge in device code phishing attacks, and data theft campaigns targeting Snowflake customers via a breached SaaS integrator.
The FBI's data paints a clear picture of a cybercrime ecosystem that is both expanding in scale and refining its techniques. From the use of fake npm packages to hijack developer accounts to phishing lures disguised as Teams error fixes, threat actors are exploiting trust and automation to steal credentials and funds. The U.S. government has concurrently issued warnings about state-sponsored threats, such as Iranian hackers targeting critical infrastructure. For defenders, the report is a urgent call to action, emphasizing the need for robust security hygiene—from enabling features like Kernel-mode Hardware-enforced Stack Protection in Windows 11 to knowing how to thoroughly remove malware. As losses hit a record high, the imperative for proactive defense, user education, and cross-sector collaboration has never been greater.
