Skip to main content
Emerging Threats

Impostor Scams Expose Vulnerabilities, Cost $3.5B in 2025

Person sits at desk, looking concerned, holding phone with laptop and papers nearby.

"FTC’s latest numbers show that imposter scams are evolving from mass outreach into highly personalized financial crime," said Patrick Harr, Chief Executive Officer at DataVisor.

FTC numbers: $3.5 billion lost in 2025, triple the losses since 2020

Data the Federal Trade Commission provided shows Americans reported $3.5 billion in losses to imposter scams in 2025. The FTC figure represents roughly a threefold increase in reported losses since 2020. The breakdown cited in the reporting shows $1 billion lost to business impersonators, $920 million to government impersonators, and $2.1 billion tied to scams on social platforms.

Social platforms as a primary distribution channel

Security leaders in the report point to social media as the single most consequential delivery mechanism for these frauds. Darren Guccione, CEO and Co-Founder at Keeper Security, noted that more than $2.1 billion was traced to social platforms and that nearly one in three victims were first contacted through social channels. Jason Soroko, Senior Fellow at Sectigo, said victims reported $2.1 billion in losses originating from social media — an eightfold increase over five years — and added that Facebook, WhatsApp, and Instagram facilitated a majority of those interactions.

AI, deepfakes and the mechanics of modern impersonation

Multiple experts described a technological shift that has lowered the cost and increased the realism of impersonation. Patrick Harr warned of "cheaper and better AI tools" able to produce convincing messages, cloned voices and deepfakes. Mika Aalto, Co‑Founder and Chief Executive Officer at Hoxhunt, described attackers combining AI-generated content, QR codes, social media impersonation, voice cloning and video deepfakes to create multi-channel attack chains that "feel authentic across multiple channels and touch points."

Darren Guccione cited recent research showing "41% of IT leaders highlighted deepfakes as the top identity-based threat" and that "AI-driven social engineering" was among the top concerns for security leaders globally, cited by 35% of respondents. The combined message from the experts is consistent: authenticity of interaction — what looks and sounds real — is the core enabler of these scams.

Detection and defense: signals, controls, and where to focus

Security leaders pushed for defenses that go beyond static rules. Harr urged financial institutions to "look beyond static transaction rules" and detect earlier warning signs such as suspicious behavior, recipient risk, mule-account linkages, and signals that a customer is being coached in real time. Guccione argued that defense "cannot rely on awareness alone" and recommended phishing-resistant authentication, strong credential governance and real-time monitoring for identity-based anomalies as foundational controls that make impersonation substantially harder to execute.

Jason Soroko emphasized the shift in attacker strategy: "Attackers bypass security perimeters by manipulating trust," and that many high-loss schemes involve bank impersonators prompting victims to transfer funds. He and others reinforced that impersonation bypasses technical perimeter defenses by exploiting human trust across channels.

How technologists, financial institutions, and end users are likely to respond

  • Technologists and security teams: Expect an increased investment in real-time identity anomaly detection, monitoring for mule accounts and recipient risk scoring, and tighter credential governance — steps directly recommended by the security leaders quoted in the report.
  • Financial institutions and payment processors: Will face pressure to supplement static transaction rules with behavioral signals and to detect coaching or orchestration of transfers earlier in the customer journey, as Patrick Harr advised.
  • End users and social platforms: Will be central to the problem and any mitigation. Experts point to social channels as the origin for a large share of losses and highlight that awareness alone is insufficient; platform-level identity verification and controls are implied as part of the response.

The FTC’s $3.5 billion figure and the security leaders’ analysis together paint a picture of impersonation moving from bulk nuisance scams to targeted, multi-channel financial crime enabled by accessible AI tools. The critical question left by those experts is whether organizations and platforms will adopt the identity-focused controls they say are necessary — and how quickly — before fraudsters scale these techniques further.

Source: Imposters Scams Caused $3.5B in Losses in 2025 — Security Magazine