Aggregate IC3 reporting shows business‑email‑compromise (BEC) and phishing/spoofing continue to generate the largest reported dollar losses to U.S. victims, amounting to multi‑billion totals across recent years. Law enforcement and industry experts are emphasizing preventive measures including multi‑factor authentication, employee training and payment‑verification procedures.

Recent summaries of FBI/IC3 data released in December 2025 reconfirm that business‑email‑compromise (BEC) and phishing remain the dominant sources of reported dollar losses to U.S. organizations and individuals. IC3 statistics aggregated over recent reporting periods indicate multi‑billion‑dollar impacts stemming from targeted BEC schemes that often combine social engineering, compromised credentials and fraudulent wire‑transfer instructions. Phishing and spoofing campaigns continue to supply criminals with the initial access and harvested credentials used to execute higher‑value BEC attacks. The trend has prompted renewed emphasis from law enforcement, financial institutions and industry groups on layered defenses: implementing multi‑factor authentication, secure email gateway protections, employee awareness and simulation training, and robust outbound payment verification protocols that require secondary confirmations for large transfers. Authorities also highlighted the value of rapid reporting to the IC3 and banks to freeze or recall fraudulent transactions. Public‑private partnerships and vendor cooperation were cited as critical to reducing the operational success of these schemes and minimizing recovery timelines when intrusions are detected early.