In January 2025, a finance worker in Hong Kong wired $25 million after joining a video call with what appeared to be his company’s chief financial officer and several colleagues. Every face on the screen was a deepfake. The same technology that powered that heist is now being aimed at ordinary Americans, and the scale is staggering: a three-second audio clip scraped from a social media video is enough for publicly available AI software to clone a person’s voice, place a panicked call to a parent or spouse, and talk them into draining a savings account before anyone realizes what happened.
The FBI’s 2025 Internet Crime Report, released earlier this year, recorded $16.6 billion in reported cybercrime losses, the highest figure the bureau has ever published. For the first time, AI-assisted fraud appeared as a standalone category, totaling nearly $893 million in complaints tied to deepfake videos, cloned voices, and synthetic social media profiles. Weeks later, the FTC’s Consumer Sentinel data showed that Americans lost additional billions through social media scams in 2025, with investment fraud and romance schemes at the top. The FTC release did not specify a single combined dollar figure for social media fraud, making a precise grand total across both agencies impossible to calculate. However, the combined scope of the two reports points to AI-enhanced fraud siphoning well north of $15 billion a year from consumers, much of it from savings, brokerage, and retirement accounts. That estimate is directional rather than precise: it is drawn from overlapping federal datasets, not from a single audited tally published by either agency.
Why the threat is accelerating
Three technical shifts have handed criminals an enormous advantage. The first is voice cloning. Microsoft’s VALL-E research model, published in 2023, demonstrated that a person’s speech patterns could be reproduced from just three seconds of sample audio. Open-source alternatives have since made the capability free to anyone with a laptop and an internet connection.
The second is AI-generated phishing at scale. Generative language models can now produce text messages that are grammatically flawless, personalized with a target’s name and partial account details, and nearly impossible to distinguish from a legitimate bank alert. According to research from cybersecurity firm Proofpoint, a single smishing operation can push upward of 100,000 spoofed messages in a day, blanketing area codes with fake fraud alerts designed to harvest login credentials.
The third is real-time deepfake video. Scammers on live video calls can now convincingly impersonate a family member, a financial adviser, or a corporate executive, as the Hong Kong case demonstrated on a $25 million scale.
The FBI’s report described the playbook in stark terms: criminals build trust through fake profiles or cloned voices, then steer victims into sending funds through cryptocurrency wallets or wire transfers that are extremely difficult to reverse. The full cycle, from first contact to emptied account, can collapse into days.
What Fidelity and other brokerages are doing
Fidelity Investments, which managed roughly $5.8 trillion in customer assets as of early 2026, has ramped up fraud-awareness outreach to accountholders. The firm’s security center now carries explicit warnings about voice-cloning scams, spoofed text messages, and social-engineering tactics that target retirement savings. Fidelity urges clients to verify any unexpected contact by calling the number printed on their account statements, never through a link or phone number embedded in an incoming message. The company has not named a public spokesperson for its anti-fraud efforts or disclosed specific dollar amounts spent on new detection tools, so the scope of its internal response remains unclear.
Charles Schwab and Vanguard have published similar advisories. Several brokerages have layered voice-verification prompts and additional multi-factor authentication steps specifically designed to counter AI-generated impersonation. But the defensive technology consistently trails the offensive capability. A May 2026 FINRA investor alert urged firms to treat AI fraud as a permanent, evolving threat rather than a one-time patch, warning that each new safeguard is typically met with a workaround within months.
Where the federal numbers fall short
Both the FBI and FTC build their totals from voluntary, self-reported complaints. Many victims never file. Some do not realize they have been scammed until months later. Others feel too embarrassed to come forward. That means the official figures almost certainly represent a floor, not a ceiling.
There are also gaps in detail. Neither agency’s current release breaks out how much of the total flows through brokerage and retirement accounts versus bank accounts, payment apps, or gift cards. The $15 billion figure referenced in the headline and in financial-media coverage is an inference drawn from the combined FBI and FTC datasets. It is not a single audited number published by either agency, and readers should treat it as an approximate indicator of scale rather than a verified total.
What the data do confirm is trajectory. AI-related fraud went from an uncounted subcategory to a nearly $900 million standalone line item in a single reporting cycle. Investment scams, which frequently rely on AI-generated content to appear legitimate, accounted for the largest dollar losses in both the FBI and FTC reports. Even with imperfect measurement, the direction is unmistakable.
How to protect your accounts right now
Federal agencies and major brokerages converge on a short list of defensive steps worth reviewing as of June 2026:
- Verify before you act. If you receive a call, text, or video from someone claiming to be a family member, banker, or government official asking for money or account credentials, hang up and call back using a number you already have on file. Never use contact information provided in the suspicious message itself.
- Set a family code word. Choose a simple passphrase that only your household knows. If someone calls claiming to be a relative in distress, ask for the code word before sending anything.
- Enable multi-factor authentication on every financial account. Hardware security keys offer the strongest protection. Authenticator apps are a solid second choice. SMS-based codes are better than nothing but remain vulnerable to SIM-swap attacks.
- Limit your voice and video footprint. The less audio and video of you that exists publicly, the harder it is for a scammer to build a convincing clone. Review privacy settings on social media and consider restricting who can view video content.
- Report promptly. File complaints with the FBI’s IC3 portal and the FTC’s online fraud reporting tool. Early reports help both agencies spot emerging patterns and issue public warnings faster.
Why regulators are still playing catch-up
The FCC’s STIR/SHAKEN framework, which requires phone carriers to authenticate caller ID information, has reduced some robocall spoofing. But it does not cover text messages or internet-based calling apps, the exact channels scammers increasingly prefer. Proposed legislation in Congress would require financial institutions to reimburse certain fraud victims more broadly, though none of those bills had reached a floor vote as of late May 2026. Under current rules, consumers who authorize a transfer, even under false pretenses, often have no legal right to reimbursement from their bank or brokerage.
Meanwhile, the tools keep getting cheaper. Voice-cloning software that required expensive cloud computing two years ago now runs on consumer-grade hardware. Deepfake video generators that once took hours to render a single clip produce passable results in minutes. Every drop in cost and complexity expands the pool of criminals who can deploy these techniques at scale.
The federal numbers, as large as they are, should be read as a conservative snapshot of a problem that is still accelerating. Billions have already been lost. And until authentication technology, regulation, and consumer awareness catch up to the speed of AI-powered deception, the gap between what criminals can steal and what institutions can stop will keep growing.
