New Federal Trade Commission (FTC) data shows how imposter scams have become the most reported form of fraud in the U.S. Financial losses nearly tripled from 2020 to 2025, and last year, Americans lost $3.5 billion to people pretending to be someone they trusted. These included threat actors impersonating bank fraud departments, IRS agents, and familiar faces on social media platforms.
The agency findings reveal something more unsettling than the rising number: a shift in where con artists hunt. The classic phone calls, demanding a wire transfer, have not gone away. But those calls are now eclipsed by something cheaper, faster, and far harder to police—social media feeds. That’s where a fabricated bank alert or government threat can reach millions of people at almost no cost to the scammer.
Social Media Makes It Easier to Earn Trust
This shift in fraud attack techniques helps explain why social platforms drove more than $2.1 billion in losses last year—an 8X jump since 2020. As the starting point for finding victims, Facebook alone outpaced text messages and email combined. WhatsApp and Instagram round out the top channels, which signals a cross-platform problem.
Social media platforms provide scammers with unprecedented scale and intimacy. They do this by combining massive, global user bases with sophisticated user-data harvesting.
This allows criminals to automate highly personalized, targeted attacks at a scale that traditional, manual cold calling can never achieve. Because they seem to know so much about their targets, it’s easy to lure people into their traps.
Federal Government Comes Out Swinging
The FTC also reported that total losses across every fraud category hit a record $16 billion in 2025—a 25% jump in a single year. Some may view this as a consumer-education problem. However, it’s an identity verification problem at an infrastructural scale.
“What makes impersonation attacks so effective is the authenticity of the interaction, commented Darren Guccione, CEO and Co-Founder at Keeper Security. “AI-generated voice, realistic messaging, and convincing account impersonation have dramatically lowered the barrier to entry for fraudsters. The erosion of trust affects organizations as much as individuals.”
In response to the unprecedented level of fraudulent activity in recent years, the FTC developed the Impersonation Rule, which went into effect in 2024. The rule makes it explicitly illegal for scammers to impersonate government agencies and legitimate businesses. It includes several enforcement actions, ranging from forcing scammers to return money to paying penalties (up to $50K+ per victim) and the forceful shutdown of fraudulent websites and spoofed emails. Since 2024, the FTC has recovered more than $70 million for consumers.
There’s also a public-private Never Ever campaign—launched in collaboration with banks, tech platforms, and federal agencies. Led by the Elder Justice Coordinating Council and supported by the FTC and the Federal Communications Commission, the program represents the most aggressive institutional pushback yet to combat government and business imposter scams.
Will Enforcement Keep Pace?
The FTC data raises uncomfortable questions for regulators and platforms: When the cheapest, most scalable place to commit fraud is also the place where Americans spend the most time, can enforcement keep pace? Or will agencies and financial institutions perpetually be a step behind the next scam?
“Imposter scams are evolving from mass outreach into highly-personalized financial crime,” noted Patrick Harr, Chief Executive Officer at DataVisor. “Fraudsters now have cheaper and better AI tools to create convincing messages, fake websites, cloned voices, and even deepfakes that make victims believe they are dealing with a trusted institution or person. That is especially dangerous in payments, because once a consumer is manipulated into authorizing the transfer, the transaction can look legitimate on the surface.”
To take on this challenge, Harr advises, “Financial institutions need to look beyond static transaction rules and get better at detecting the warning signs earlier in the journey— suspicious behavior, recipient risk, mule-account linkages, and signals that a customer is being coached in real time.”
Dissecting the Con: Creating False Trust and Urgency
The FTC findings discovered that bank impersonators were responsible for the largest share of business impersonation losses. Government impersonators were also very active. They drained $920 million, often by threatening legal or financial consequences. From the victim perspective, losses are limited only by the total amount of wealth they are willing to voluntarily transfer—under the false belief that they are securing or protecting their funds.
When they receive a fake security alert, they are hit by tactics that appear legitimate and gain their trust. This includes duplicating official logos, brand colors, and email or messaging formats from well-known social media platforms and banks.
The message may originate from a display name that looks credible, and the alert typically describes a catastrophic scenario, such as "unauthorized login detected" or "account permanently disabled." The message always includes a direct link (e.g., "click here to secure your account"), which redirects victims to a fraudulent website designed to harvest whatever information victims are willing to enter.
The urgency manufactured by these alerts is not accidental; it is a calculated mechanism to trigger fast, instinctual, and emotional response. Scammers achieve this through artificial deadlines and pressure, such as "Your account will be deleted in 10 minutes" or "Act immediately to prevent permanent suspension".
What's at Stake If Consumer Trust Keeps Eroding?
Despite years of awareness campaigns, older adults remain a central target of threat actors. While the FTC enforcement actions will stop some attacks, the scale of social media platforms will continue to expose millions to potential fraud.
“Impersonation scams are not new, but every year these attacks seem to undergo a metamorphosis that makes them harder to detect and resist, courtesy of rapidly evolving technological capabilities,” observed Mika Aalto, Co-Founder and Chief Executive Officer at Hoxhunt. “Attackers can now combine AI-generated content, QR codes, social media impersonation, voice cloning, and even video deepfakes to create experiences that feel authentic across multiple channels and touch points in a complex attack chain. The technological barrier to executing these scams gets lower by the minute.”
When fraud occurs, victims lose trust in social media platforms. Even though the platforms may not be at fault, consumers likely feel they're responsible for not keeping the bad guys out.
The impersonated brands, who clearly are not at fault, also suffer. They can’t help but be associated with the threat actors who spoofed them, and that is likely to prompt customers to turn elsewhere. But with so many brands being spoofed, customers may run out of options. Learning how to thwart fraudsters may be the only viable option.