A single text message cost a retired teacher in Ohio $14,000 last year. The message looked like a fraud alert from her bank, complete with a legitimate-seeming phone number. She called it, spoke with someone who sounded like a bank representative, and followed instructions to “secure” her account. By the time her real bank flagged the transfers, the money was gone. Her experience, while individual, fits a pattern that federal data now confirm is accelerating across the country.
Americans reported losing more than $12.5 billion to fraud in 2024, a 25 percent increase over the previous year, according to the Federal Trade Commission’s Consumer Sentinel Network Data Book released in March 2025. Investment scams led the way at $5.7 billion, followed by imposter schemes at $2.95 billion. The FBI’s Internet Crime Complaint Center, tracking from a different angle, recorded 859,532 complaints and losses exceeding $16 billion for the same period, a 33 percent jump from 2023. The gap between those two totals reflects different reporting populations and collection methods, not a contradiction. Either way, the trajectory is steep and consistent.
Text messages have become the sharpest weapon
Of all the channels fraudsters exploit, text messaging has grown the fastest. The FTC reported that consumers lost $470 million to scams that started with a text in 2024, a figure five times higher than the comparable number from 2020. Fake package delivery notices, bogus toll-road charges, and phony bank alerts are among the most common lures. A single tap on a deceptive link can hand over login credentials or trigger a wire transfer before the victim realizes what happened.
Phone calls and email remain potent, too. The FBI’s complaint data show that phishing, spoofing, and extortion topped the list of reported schemes, with older adults bearing the heaviest losses. But text scams are growing disproportionately because they exploit the immediacy and trust people place in their phones. Most people open a text within minutes; few pause to verify the sender.
The federal response is fragmented
The U.S. Government Accountability Office examined how Washington handles the problem and found significant gaps. A report published in early 2025 documented that at least 13 federal agencies play a role in countering scams, yet no single government-wide estimate for total fraud losses exists. The GAO recommended that agencies harmonize definitions and reporting standards so that policymakers and the public can see a coherent picture.
That fragmentation matters for consumers. When the FTC, FBI, Consumer Financial Protection Bureau, and other agencies each collect data under different definitions and timelines, the true national cost of fraud remains an approximation stitched together from overlapping but distinct sources. Many victims never file a complaint with any agency at all, which means even the combined federal figures almost certainly undercount the damage.
Six steps to protect your accounts now
Federal data make the risk clear. The following steps, drawn from guidance published by the FTC, FBI, and the National Institute of Standards and Technology’s SP 800-63 digital identity guidelines, can reduce your exposure. No single measure is foolproof, but layering several together raises the bar significantly for attackers.
1. Turn on multi-factor authentication (MFA) everywhere it is available. MFA requires a second verification step beyond your password, such as a code sent to your phone or generated by an authenticator app. NIST’s guidelines treat MFA as a baseline defense for any account that holds sensitive information. Prioritize your email, bank, and investment accounts first, since those are the highest-value targets.
2. Never tap a link in an unexpected text or email. If a message claims to be from your bank, a delivery service, or a government agency, do not use the link or phone number it provides. Instead, open your browser and go directly to the organization’s official website, or call the number on the back of your card. This one habit defeats the majority of phishing and smishing attempts.
3. Freeze your credit at all three bureaus. A credit freeze, available for free from Equifax, Experian, and TransUnion, prevents anyone from opening new accounts in your name. You can temporarily lift the freeze when you need to apply for credit. Given that personal data breaches ranked among the FBI’s top complaint categories in 2024, a freeze is one of the most effective preventive measures available.
4. Use unique, complex passwords for every account. Password reuse is one of the easiest vulnerabilities for attackers to exploit. A password manager can generate and store strong credentials so you do not have to remember them. If a single site is breached, unique passwords ensure the damage stays contained.
5. Monitor your financial accounts weekly. Set up transaction alerts through your bank and credit card issuers so you receive a notification for every charge or transfer. Early detection is often the difference between recovering funds and losing them permanently. The FTC advises checking statements regularly and disputing unauthorized transactions immediately.
6. Report fraud quickly. If you suspect you have been targeted, file a complaint with the FTC at ReportFraud.ftc.gov and with the FBI’s IC3 at ic3.gov. Contact your bank immediately to freeze affected accounts. Speed matters: the FBI’s Recovery Asset Team, which intervenes in wire-transfer fraud, has a higher success rate when complaints arrive within 48 hours of the transaction.
Where the federal data still fall short
As large as the reported figures are, they come with real limitations. The FTC’s Sentinel reports are self-reported and unverified, meaning the $12.5 billion reflects what consumers chose to disclose rather than a controlled measurement. The FBI’s 859,532 complaints represent the people who found and used the IC3 portal, not the full universe of victims. Regional breakdowns published by the IC3 exist only as downloadable PDFs, making state-by-state comparison difficult without manual extraction.
Whether specific protective technologies reduce losses at a population level is also an open question. NIST’s SP 800-63 guidelines describe what strong authentication should look like, but no large-scale consumer study in the available evidence ties widespread adoption of those standards to a measurable decline in fraud losses. The guidelines represent expert consensus on best practice, not a proven guarantee for any individual.
None of that uncertainty changes the practical calculus. The direction of the trend is unambiguous: losses are climbing, scam tactics are migrating to the devices people trust most, and the federal safety net has gaps. The steps above will not eliminate risk, but they address the specific vulnerabilities that federal data show fraudsters exploit most often. As of May 2026, the agencies involved have not yet adopted the GAO’s recommendation for unified reporting, which means consumers remain their own best first line of defense.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
