WASHINGTON — Reported U.S. losses to online crime climbed to a record $16 billion in 2024 even as the number of complaints edged down, the FBI said in its annual Internet Crime Report, released April 23, 2025. The bureau’s Internet Crime Complaint Center (IC3) logged 859,532 complaints last year, 2.4% fewer than in 2023, but the dollar loss jumped 33%.
“The 2024 Internet Crime Report combines information from 859,532 complaints of suspected internet crime and details reported losses exceeding $16 billion—a 33% increase in losses from 2023,” the FBI press release stated.
Phishing and other spoofing schemes remained the most common complaint, followed by extortion and personal-data breaches. Victims of investment fraud — particularly cryptocurrency scams — suffered the greatest financial damage, losing more than $6.5 billion.
The IC3 data highlight the continued vulnerability of older Americans and densely populated states. Californians, Texans and Floridians reported the highest numbers of incidents and total losses, while victims age 60 and older filed 147,127 complaints that accounted for nearly $4.8 billion in losses.
The FBI urged local governments to share the report’s findings with IT, finance and public-safety leaders as they refine cybersecurity training and incident-response plans. Agencies that believe they or their residents have been targeted are encouraged to file an IC3 complaint and immediately contact their local FBI field office.
“Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams,” FBI Director Kash Patel said.
The full report is available on IC3.gov and includes state-level breakdowns that municipal and county officials can use to benchmark local trends against national patterns.
Reduce internet crime risk
Here are five ways local governments can reduce their exposure to internet crime:
- Mandate multi-factor authentication (MFA) for all remote access, email, and privileged accounts to block most credential-based attacks.
- Segment and monitor the network under a zero-trust model, limiting lateral movement and enforcing least-privilege access for every user and device.
- Run routine phishing simulations and security-awareness training so employees and elected officials can spot malicious links, invoices, and social-engineering ploys.
- Patch software and firmware promptly—maintain a real-time asset inventory, subscribe to CISA Known Exploited Vulnerabilities alerts, and automate updates where possible.
- Test and update the incident-response plan through annual tabletop exercises; join MS-ISAC for threat intelligence and report suspected intrusions to the FBI’s IC3 without delay.
Gov1 is using generative AI to create some content that is edited and fact-checked by our editors.
