HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Imposter Scams Drain $3.5 B from U.S. Consumers in 2025, FTC Reports

The FTC reports $3.5 billion lost to imposter scams in 2025, with fraudsters posing as banks, government agencies, and other trusted entities. The scale of loss underscores why SOC 2‑aligned security‑awareness programs are essential for audit readiness.

LiveThreat™ Intelligence · 📅 June 20, 2026· 📰 fortra.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
fortra.com

Imposter Scams Drain $3.5 B from U.S. Consumers in 2025, FTC Reports

What Happened — The U.S. Federal Trade Commission (FTC) disclosed that Americans lost $3.5 billion to imposter‑type scams in 2025—nearly three times the amount reported in 2020. Imposters pretended to be banks, government agencies, or other trusted entities across SMS, voice, email, social media, and search results, with bank‑impersonation alone accounting for roughly $1 billion of the loss.

Why It Matters for Compliance & Audit Readiness

  • The attack pattern mirrors the “Phantom Hacker” multi‑stage social‑engineering flow that SOC 2 access‑control policies are designed to detect and mitigate.
  • Continuous evidence of employee training, verification procedures, and incident response satisfies the SOC 2 CC6.1 (Logical Access) and CC6.2 (User Management) controls.
  • Verisq’s Security Awareness Training capability provides audit‑ready documentation of program updates, phishing‑simulation results, and policy adoption—key artifacts for a defensible SOC 2 audit.

Who Is Affected — Financial services, government agencies, retail/e‑commerce, and any organization that handles consumer‑direct communications.

Recommended Actions

  • Map the multi‑stage imposter scenario to SOC 2 CC6.1/CC6.2 controls and update your security‑awareness curriculum accordingly.
  • Capture training completion, simulation metrics, and verification policy logs as continuous compliance evidence.
  • Conduct periodic tabletop exercises that replicate the “Phantom Hacker” flow to test detection and response.

Source: Fortra Blog – Imposter scams cost Americans $3.5 B in 2025

Technical Notes

  • Attack vectors: phishing via SMS (smishing), voice (vishing), email, social media, and search‑engine spoofing.
  • No specific CVE; the threat leverages social‑engineering rather than software flaws.
  • Primary data type compromised: financial credentials and personal identifiers used to authorize transfers.

Source: [Fortra Blog – same link]

📰 Original Source
https://www.fortra.com/blog/imposter-scams-cost-americans-35-billion-2025-and-its-getting-worse

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Awareness is a control you can evidence too.

Verisq AI Trust Operations records training completion and policy adoption as audit evidence — turning 'we train our staff' into something you can actually prove.

See how Verisq AI Trust Operations covers awareness →