Business email compromise and investment fraud were among the most expensive forms of cybercrime in 2024, proving that the most damaging attacks are not always the most technical ones. According to the FBI IC3 2024 report, victims submitted 859,532 complaints and reported total losses of 16.6 billion dollars, marking a sharp rise from the previous year.
While phishing, spoofing, and extortion were among the most reported complaint types, the biggest financial losses came from scams designed to exploit human trust, not just weak systems.
Key takeaways inside the story
- Total reported cybercrime losses reached 16.6 billion dollars in 2024
- Investment fraud led losses with 6.57 billion dollars reported
BEC scams caused 2.77 billion dollars in losses and remain a top business threat.
Why investment fraud became the biggest cybercrime loss driver
Investment fraud stood out in the FBI’s 2024 data because it generated enormous losses even though it was not the most commonly reported crime category. The IC3 report shows investment-related losses of 6,570,639,864 dollars, making it the costliest internet crime type of the year.
Cybersecurity Dive also highlighted that investment scams were only the fifth most commonly reported type, yet they produced the greatest financial harm, showing how a smaller number of successful scams can still create massive damage.
What makes investment fraud so expensive compared to other scams
Because these scams often convince victims to transfer large amounts over time, especially through cryptocurrency investment schemes, the losses per victim can be extremely high.
Business email compromise scams continue to drain billions
Business Email Compromise remains one of the most financially devastating cybercrime categories because it targets real business processes like invoices, payroll, vendor payments, and wire transfers. Unlike ransomware, BEC scams often rely on convincing messages and impersonation rather than malware.
In 2024, the FBI IC3 report recorded 21,442 BEC complaints with adjusted losses totaling 2,770,151,146 dollars, reinforcing that BEC scams are still a major threat to organizations of every size.
Cybersecurity Dive pointed out that BEC scams rely heavily on persuasion and social engineering, and that is what makes them so effective even in businesses with strong IT systems.
BEC attacks grow when teams lack training coverage, the cybersecurity skills gap is a major reason these scams keep winning.
How do BEC scams usually work
Attackers impersonate executives, vendors, or finance teams and pressure employees into transferring funds or changing payment details, often using realistic email language and urgent timing.
The real story behind 2024 cybercrime is simple
The numbers show a clear pattern. Scams that exploit people are outpacing attacks that exploit software.
Cybersecurity Dive highlighted an important comparison from the report that shows how attacker focus is shifting. Botnets caused relatively small losses of 8.9 million dollars, while SIM swapping attacks caused around 26 million dollars, suggesting criminals are prioritizing methods that directly unlock money and accounts quickly.
This reinforces an important cybersecurity reality for 2025 and beyond. Fraudsters go where the money is easiest, and today that often means targeting decision-making, approvals, and payment behavior.
Practical steps to reduce risk for individuals
Even if you are not running a business, the rise of investment fraud means everyday users are high-value targets. The most common warning signs include guaranteed returns, pressure to act fast, and requests to move money into unfamiliar platforms or wallets.
If you want a safer approach, follow these three rules before sending any funds:
- Verify the company and platform independently, not through links in messages
- Avoid urgent financial decisions made under pressure
- Treat cryptocurrency investment demands as a red flag unless proven legitimate
What should I do if I already sent money to a scammer
Report it immediately to relevant authorities and your bank or platform. Fast reporting improves the chance of tracing funds and limiting long-term damage.
How businesses can prevent BEC scams in 2026
BEC scams are not only a cybersecurity issue. They are a process security issue. In 2026, organizations that reduce losses will be the ones that treat payment controls as seriously as system security.
Here are the 2026 practices that reduce BEC risk immediately:
- Require dual approval for wire transfers and vendor bank changes
- Use verified call-back procedures before payments are updated
- Enforce multi-factor authentication on email accounts and admin tools
- Add domain protection and email verification policies to reduce impersonation
- Train finance and operations teams to recognize urgency-based fraud
For stronger prevention, zero trust architecture zta adoption reduces risky access and improves verification across workflows.
Even the strongest firewall cannot protect a company if payment approvals are based on trust alone. BEC scams succeed when processes are easy to manipulate, not when servers are weak.
Final thoughts
The 2024 cybercrime report highlights a growing reality. The most costly attacks are increasingly built around persuasion rather than technical exploitation. Investment fraud and BEC scams have become high-impact threats because they directly target money movement, trust, and routine operations.
As 2026 approaches, organizations and individuals who prioritize verification, awareness, and strong approval controls will be far better positioned to prevent losses before they happen.
