Fraud targeting Americans’ savings and retirement accounts has surged so sharply that Fidelity Investments, the nation’s largest retirement plan administrator, has escalated its public warnings to a level the firm reserves for systemic threats. Through customer alerts, blog posts, and public commentary issued into early 2026, Fidelity has flagged a new generation of scams, from AI-cloned voice calls to counterfeit brokerage login pages, that are draining accounts faster than traditional defenses can respond.
The scale of the problem is staggering. In March 2025, the Federal Trade Commission reported that consumers lost more than $12.5 billion to fraud in 2024, a 25 percent increase over the prior year. Investment scams alone accounted for $5.7 billion of that total, making them the single costliest fraud category the agency tracks. If that growth rate holds, total losses would surpass $15 billion by 2025 or 2026, a trajectory that Fidelity and other major firms have treated not as a worst-case scenario but as a baseline planning assumption.
Because the FTC’s figures capture only what victims actually report, the real toll is almost certainly higher. Many people never file complaints, whether out of embarrassment, confusion, or the belief that stolen money is gone for good.
What the federal data confirms
The FTC’s Consumer Sentinel Network, which aggregates fraud and identity-theft reports from consumers, law enforcement, and industry sources, provides the clearest statistical picture of the fraud wave’s scope. Three findings from the 2024 data release stand out:
- Total reported fraud losses topped $12.5 billion, up 25 percent year over year.
- Investment scams, including fake cryptocurrency platforms, impersonation of legitimate brokerages, and bogus trading schemes, drove $5.7 billion of those losses.
- The increase built on several consecutive years of rising losses, meaning the 2024 jump was not a one-time spike but part of a sustained climb.
Consumer Sentinel’s public dashboards break down losses by scam type, victim age, and geography. But the database has a well-documented blind spot: underreporting. FTC researchers have acknowledged that reported losses represent a floor, not a ceiling. That gap is why the $15 billion projection, while not yet confirmed by measured data, has gained traction across the financial services industry as a credible near-term estimate.
Why retirement accounts face outsized risk
The FTC tracks investment scams as a broad category but does not publish a separate line item for fraud hitting 401(k) plans or IRAs. That reporting gap matters because the damage to a retirement account is fundamentally different from a stolen credit card number.
Consider a 40-year-old who loses $50,000 from a 401(k). The immediate hit is painful enough, but the compounding loss is worse. At a historically typical average annual return of 7 percent, that $50,000 would have grown to roughly $380,000 by age 65. On top of that, a fraud-triggered withdrawal can create tax liabilities and early-withdrawal penalties that the victim must sort out with the IRS, adding insult to an already devastating injury.
Fidelity has responded by tightening verification requirements on large withdrawals and transfers, deploying behavioral analytics that flag unusual login patterns, and expanding customer education around common scam scripts. The firm’s fraud-awareness materials now specifically warn that a familiar voice on the phone is no longer reliable proof of identity, a direct reference to AI-powered voice cloning. Other major custodians, including Charles Schwab and Vanguard, have introduced similar measures, though the specifics differ from firm to firm.
What these protections do not cover is equally important. The Securities Investor Protection Corporation (SIPC) steps in when a brokerage firm itself fails, but it does not reimburse losses caused by outside criminals. Some firms offer voluntary fraud guarantees, but those typically require the customer to have followed security protocols like enabling two-factor authentication and reporting unauthorized activity quickly. A saver who was manipulated into authorizing a transfer, believing they were speaking with a legitimate representative, may find recovery far more difficult.
FINRA, the self-regulatory body overseeing broker-dealers, has also issued investor alerts about account-takeover schemes and impersonation scams. The SEC’s Office of Investor Education has published similar warnings about AI-driven fraud tactics. But regulatory alerts, however useful, move slower than the criminals they describe.
The technology arms race
What makes the current fraud wave different from earlier cycles is the speed at which criminals have adopted new tools.
AI-generated voice cloning is the most visible example. Services capable of producing a convincing replica of someone’s voice from just a few seconds of recorded audio have become cheap and widely accessible. Scammers use cloned voices to pose as family members in distress or financial advisors requesting urgent action. Deepfake video, while still less common, has surfaced in targeted attacks where criminals simulate a live video call with a supposed bank representative.
Traditional social engineering has also migrated to new channels. Encrypted messaging apps, social media direct messages, and dating platforms have all become primary vectors for investment scams. The FTC does not isolate AI-driven fraud as a separate reporting category, so assigning a precise share of losses to any single technology is not yet possible. What case patterns reveal is that criminals routinely layer multiple tools: a data breach supplies personal details, a spoofed caller ID lends credibility, and emotional pressure closes the trap before the victim has time to think.
Financial firms are fighting back with their own technology. Fidelity and several peers have deployed machine-learning models that analyze transaction velocity, device fingerprints, and behavioral biometrics to catch suspicious activity before funds leave an account. These systems are improving, but they face a structural disadvantage: a fraud detection model must be right every time, while an attacker only needs to slip through once.
What we still don’t know
As of May 2026, several key questions remain open. The FTC has not yet released comprehensive fraud-loss data for 2025, so whether the 25 percent annual growth rate accelerated, held steady, or began to flatten is still unknown. The share of losses specifically hitting retirement accounts is not broken out in any public federal dataset, despite calls from industry groups for more granular reporting.
There is also an open question about how much of the measured increase reflects genuinely new criminal activity versus better reporting. The FTC has expanded its intake channels and public awareness campaigns in recent years, which could push complaint volumes higher even if underlying fraud rates were leveling off. Most analysts believe both factors are contributing, but separating them cleanly is not yet possible with available data.
How to protect your accounts right now
No individual action will stop a $12.5 billion (and growing) fraud wave. But the steps that matter most are straightforward, and taking them meaningfully shifts the odds:
- Enable two-factor authentication on every financial account. Use an authenticator app rather than SMS codes when possible, because SIM-swap attacks can intercept text messages.
- Verify requests independently. If someone claiming to represent your brokerage calls or texts asking you to move money or share a one-time code, hang up. Call the number printed on your account statement or listed on the firm’s official website.
- Review account activity weekly. Catching unauthorized transactions early improves recovery odds and limits the compounding damage that makes retirement fraud so destructive.
- Freeze your credit at Equifax, Experian, and TransUnion if you are not actively applying for new credit. A freeze blocks criminals from opening accounts in your name using stolen personal information.
- Report fraud immediately. File a complaint at reportfraud.ftc.gov and contact your financial institution’s fraud department. Fast reporting feeds the data that helps regulators and firms spot emerging scam patterns.
The gap between criminal innovation and institutional defense is not closing quickly. Fidelity’s increasingly urgent warnings reflect a reality that the rest of the industry is grappling with, too: the tools available to scammers are evolving faster than the safeguards meant to stop them. For the millions of Americans with retirement savings sitting in brokerage and 401(k) accounts, vigilance is no longer optional. It is the first and most reliable line of defense they have.
