F-Secure Scam Intelligence & Impacts Report 2025

This year’s report uncovers the human cost of scams. As fraud grows more manipulative, its toll is not only financial, but psychological, social, and systemic.

Global insights reveal a paradox: most people trust their ability to spot scams—yet nearly half still fell victim. Overconfidence leaves consumers exposed, and stigma leaves many too ashamed to speak out, making scams among the most underreported crimes today.

Key Findings

• Confidence ≠ Resilience: 69% of people believe they can spot a scam—but 43% of them still fell victim in the past year.

• Victimization is Rising: Scam rates doubled in the USA from 2024 to 2025. In Vietnam, 90% of respondents were scammed last year.

• Young Adults Are Most Exposed: Individuals aged 18–34 face more than double the scam risk of adults aged 65–74.

• Underreporting is Widespread: Only 7% of scams are reported globally, largely due to victim blaming and feelings of shame.

• Consumers Want Protection: 50% are willing to pay for scam protection—especially younger adults who expect it from service providers.

2025 Scam Landscape: How Overconfidence Leaves Consumers Vulnerable

By Timo Salmi, F-Secure Senior Solution Marketing Manager

In today’s hyperconnected world, consumers are more likely than ever to fall victim to scams. But not all see it that way—many believe they’re equipped to recognize and avoid them. This confidence offers a sense of control, but it can also be their greatest weakness.

According to 2025 F‑Secure Consumer Market Survey data, 69% of people believe they know how to spot a scam. Yet 43% of those confident individuals still fell victim in the past 12 months. This is the overconfidence effect in action—a cognitive bias where people overestimate their own knowledge or ability, leaving them blind to real risk.

Scam Victimization Is Rising Drastically

Scammers are quick to exploit these cognitive blind spots, using tactics like urgency and authority to override rational thinking. Our research shows that, compared to the previous year, scam victimization is accelerating across nearly all surveyed markets.

The rate of falling victim to scams in the USA doubled from 31% in 2024 to 62% in 2025, while the UK rose from 24% to 45% and Finland from 25% to 33% over the same period. Vietnam, included for the first time in this year’s survey, stands out with 90% of respondents reporting victimization—the highest rate observed in any market.

Overall, 48% of global respondents reported falling victim to cyber crime in the past 12 months. The data shows no single dominant scam type—instead, threats are spread across a wide range of categories and channels. Email scams lead at 11%, followed by malware or virus attacks at 8%, and SMS scams and credit card scams at 5% each.

Smaller but still significant numbers experienced call-based, social media, online banking, and online shopping scams. This variety underscores how cyber criminals are diversifying their tactics to target consumers in multiple ways, across every digital touchpoint.

Get more consumer insights (PDF, page 4)

Humanizing Scams: “How Could You Be So Stupid?”—A Victim’s Story

By Tracy Hall, Author, Speaker, and Advocate

In 2017, my world came crashing down when I woke up to a Crime Stoppers video of my boyfriend of almost 18 months being arrested outside his Bondi Beach apartment for swindling 15 Australian victims out of $7.6 million.

My boyfriend, Max Tavita—a Chief Investment Officer for a Family Office—was really Hamish McLaren, one of Australia’s most notorious con men. He stole my life savings ($317,000) and, it’s fair to say, my ability to trust.

The True Price of Trust

The human cost of financial crime is rarely discussed. We focus on money lost, the technology required to detect scams, and regulatory frameworks—but not the human toll. The lives devastated by the greed of others. Some who never recover.

The emotional aftermath of a scam can often be more damaging than the financial losses. It erodes self-trust, corrodes confidence, and lingers far longer than people realize. For me, the price of trust was years of recovery and rebuilding. Learning how to trust the world and myself again after such betrayal has been one of my greatest challenges.

The AI Scam Boom: 4 Ways Scammers Are Using Artificial Intelligence in 2025

By Dr Megan Squire, F-Secure Threat Intelligence Researcher

This year, AI is powering a new wave of scams—allowing threat actors to scale faster and look more convincing than ever. To better understand how criminals are using AI, we conducted an in-depth analysis of AI-driven scams in 2025, revealing four distinct ways the technology is being leveraged for fraudulent activity:

1. Target Selection – AI is used to identify and profile potential victims.

2. Infrastructure Development – AI builds the digital tools needed for attacks.

3. Content Generation – AI improves the personalization and credibility of scam bait.

4. Victim Communication – AI enables scammers to engage directly with targets.

We found that in 89% of our sample of AI-enhanced scams, AI was used for content generation. The vast majority of these involved enhancing phishing emails or impersonating people using voice cloning and deepfake video technology.

The Silent Toll of Scams: Breaking the Cycle of Shame and Inaction

By Jorij Abraham, Global Anti-Scam Alliance (GASA) Managing Director

Online scams don’t just empty bank accounts—they damage trust, dignity, and personal wellbeing. In fact, growing research suggests that the emotional trauma caused by virtual crimes can actually exceed that of physical ones.

A study by the Dutch police found that victims of digital crime often report higher levels of peritraumatic stress than those affected by physical incidents, including burglary and even sexual assault. Because there’s no physical interaction, people tend to underestimate the impact of online scams. The emotional damage, however, is real and lasting.

Blame’s Role in Silencing Victims

One of the most damaging aspects of online scams isn’t the scam itself—it’s how society responds to victims. While those affected by physical crimes are often met with sympathy, victims of online fraud are frequently dismissed, ridiculed, or shamed.

Instead of empathy, they’re met with blame: “How could you be so stupid?” Public shaming is even common on professional platforms like LinkedIn, where one user told a scam victim, “Even my 90-year-old mother wouldn’t fall for that.”

This culture of judgment deepens the emotional toll, fueling shame and silence. And data supports this trend: just 5% of burglary victims experience victim blaming, compared to 27% of individuals whose online bank accounts have been hacked. The numbers are even more troubling when it comes to sexual crime, with 22% of sexual assault victims reporting blame, versus 36% of those subjected to image-based sexual abuse.

Dive deeper into GASA data (PDF, page 27)

Risk vs Reality: Crypto Feels Dangerous—But Is Fear Justified?

By Laura Kankaala, F-Secure Head of Threat Intelligence

What people perceive as dangerous online often doesn’t align with what is actually risky. Our consumer market research shows that unfamiliar online activities—or those amplified by media attention, like cryptocurrency trading—tend to trigger the most fear. But why is that, and are those fears truly justified?

As highlighted in the F-Secure Digital Perception–Reality Gap Report, there’s a stark disconnect between perceived threats and real cyber risks. Familiar, everyday activities such as messaging via SMS or WhatsApp, making voice calls, or banking online are among the most common entry points for cyber crime, yet they provoke the least concern among consumers.

Meanwhile, crypto trading is widely seen as high-risk—even though the actual threat, in terms of likelihood and reach, is relatively lower. The potential for monetary loss, however, is significant and multifaceted: investing is inherently risky, and individuals can lose money through legitimate but poor investments, or scams.

Prevalent Cryptocurrency Scams in 2025

1. High-Yield Investment Scams – Promise of fast, guaranteed returns through fake crypto investment platforms, often using fabricated testimonials.

2. Romance Scams – Scammers build trust over time, often through online romance or friendship, before convincing victims to invest in fraudulent crypto schemes.

3. Rug Pulls – Developers suddenly withdraw all liquidity or abandon the project, causing the token's value to collapse and investors to lose their funds.

4. AI-Powered Sextortion – Cyber criminals use threats, such as AI-generated nude deepfakes or stolen images, to blackmail victims into sending cryptocurrency.

5. Crypto ATM Fraud – Romance scam or helpdesk scam victims are coerced into transferring funds via physical crypto ATMs by scammers posing as love interests, authorities, or financial institutions.

Learn how to spot crypto scams (PDF, page 33)

The Future of Trust: Reckoning with an Increasingly Unreliable Digital World

By Dr Laura James, F-Secure Vice President of Research

Scams are a deeply human threat. They exploit trust, convincing people to believe the wrong thing or to question the right one. As scams grow more personal and emotionally manipulative, we’re choosing to dig deeper into what makes people vulnerable and how we can better understand them.

This is the focus of F‑Secure’s research function, Illuminate. As the rules of engagement change, so must our understanding of how digital threats exploit our human tendencies. That’s why we’re applying social science: to explore how human behavior shapes risk and test new approaches to helping people stay safe online.

How People Are Learning to Cope Online

After more than two decades online, many of us have developed coping mechanisms to navigate digital spaces. But as the threat landscape evolves, those strategies are starting to break down. Even confident, tech-savvy users are now being scammed in growing numbers—proof that past experience is no longer enough to stay safe.

To better understand this shift, we identified several emerging patterns of behavioral adaptation. Shaped by risk appetite, digital confidence, culture, values, and behaviors, they reveal how people are trying to regain control in an environment that feels increasingly unpredictable. The following examples represent just a few of the broader set of patterns:

• Scam Taxpayer: A busy individual who accepts minor fraud losses as just another cost of modern digital life.

• Exhausted Influencer: A content creator who is shrinking their online presence after repeated negative experiences.

• Confident Outrunner: Someone who thinks they’re too smart to be targeted by scammers.

Together, these patterns help us navigate the future digital behavior landscape, showing not just what people do online, but how they feel, cope, and adapt. This perspective helps identify gaps between threat exposure and user response that traditional models overlook and enables the design of protection that accounts for human emotion, not just digital function.

Inside Scam Centers: The Dual Realities of Privilege and Exploitation

By Laura Kankaala, F-Secure Head of Threat Intelligence

When most people picture scam operations, two familiar stereotypes come to mind: a buzzing underground call center in India filled with young men cold-calling victims, or a shadowy criminal syndicate led by mafia-style kingpins with unlimited technological prowess.

These tropes, shaped by media narratives and cultural bias, contain fragments of truth. But when we reduce scammers to caricatures, we overlook the deeper mechanisms—and the often desperate or coercive circumstances—that lead people to commit cyber crime.

Oversimplifying how scams operate creates blind spots in prevention. And glamorizing scam culture risks desensitizing the very people we need to reach. These misconceptions matter. Reframing these assumptions isn’t just a PR exercise; it shapes how we understand modern day crime and help consumers respond to threats.

What Modern Scam Centers Actually Look Like

Many operations today more closely resemble commercialized cyber crime enterprises than backroom hustles, mirroring legitimate businesses with onboarding processes, sales scripts, performance quotas, and structured shifts.

But not all scam centers operate alike. Some are profit-driven enterprises, fueled by ambition and status. Others are far more sinister, powered by coercion, violence, and modern slavery—making fraud not just a financial threat, but a human rights emergency.

The Future of Scams: What the Next 5 Years Could Bring

Insights from Sarogini Muniyandi, Joel Latto, and Laura Kankaala

Scams are adapting fast—and the next wave could be more personal than ever. This chapter explores what might come next, from AI agents and all-in identity theft to moments of trust that open the door to deception.

1. Trust Triggers: Scammers Are Hacking Human Behavior

As cyber security grows stronger, the human layer is becoming the primary attack surface. Sarogini Muniyandi, Head of Scam Research & Defense Engineering at F-Secure, highlights how ‘money moments’— key interactions when people move or manage money online—are increasingly targeted in modern scams. These aren’t random attacks; they’re engineered to strike when emotional pressure is high, and attention is low.

2. All-In Identity Theft: The Next Frontier for Scammers?

Identity theft isn’t new—but it’s always evolving. F-Secure Threat Advisor Joel Latto explores the emergence of something more insidious: all-in identity theft. Instead of stopping at surface details, scammers could assemble full digital personas—starting with common personal data and adding stronger identifiers like passports or Social Security numbers, and even audio or video clips from social media to create deepfakes.

3. AI Agents: A Future Tool for Scammers—But Not Yet

AI agents are designed to do more than answer questions—they can act on our behalf. Laura Kankaala, Head of Threat Intelligence at F-Secure, explores how scammers could exploit them to automate spam campaigns, run convincing conversations, commit financial theft, and validate stolen data—while also explaining why, for now, these risks remain only theoretical.

Explore these predictions (PDF, page 47)