April 21, 2026

Stopping the loss: what actually works against cyber-enabled fraud

The biggest cybercrime losses don’t come from breached networks. They come from gaps in controls that no firewall can close.

Americans lost $20.9 billion to cybercrime in 2025. The vast majority of that was not the result of breached systems or stolen passwords. It was the result of people being persuaded to move money themselves.

That distinction changes where prevention actually works. Cyber-enabled fraud — not direct intrusion — now drives most financial loss, and the groups most at risk are not defined by technical weakness but by role, responsibility and context. What follows is what actually reduces those losses.

The limits of what we already know

Awareness campaigns help. Fraud training raises the baseline. Most people now know not to click suspicious links or share passwords with callers they do not recognize.

But the cases generating the largest losses are not the obvious ones. They involve requests that appear routine, contacts that seem familiar, and timing that feels normal. The target is not foolish. They are operating with incomplete information in a situation that looks real. That is by design.

What awareness does not solve is the moment of decision. That is where most high-loss cases succeed, and where most controls are absent.

Where the interruption needs to happen

The highest-leverage point is not before the fraud begins. It is at the moment money moves or information changes. That is when a well-placed pause can shift the outcome.

Three interventions reduce losses without requiring perfect detection.

Independent verification breaks the chain. If a supplier updates their bank details by email, confirming that change through a separate channel — a phone number on file, not one included in the email — catches most payment redirection attempts. The fraud depends on the verification and the instruction sharing a channel. Separating them removes that dependency.

Workflow friction slows irreversible actions. A short delay on first-time payments or changes to established accounts creates a window for review. This is not about bureaucracy. It is about ensuring that the people responsible for approving a transaction have time to question it, rather than completing it under pressure.

Multiple approval points reduce single-point failure. When one person can receive, verify, and approve a payment, a single successful manipulation is enough. Requiring a second sign-off on high-value or unusual transactions does not eliminate the risk, but it means two people would need to be deceived simultaneously.

These controls are well understood. They are not widely applied because they introduce friction into processes designed for speed. That trade-off between efficiency and control is where many of the largest losses originate.

Recognizing pressure as a signal

Across the highest-loss cases in the FBI’s 2025 Internet Crime Report, urgency is a consistent feature. The request cannot wait. The approval is needed today. The supplier will lose the contract. The executive is in a meeting and needs this handled immediately.

That pressure is not incidental. It is a technique. It compresses the time available for scrutiny and positions caution as a problem rather than a safeguard.

Treating urgency as a signal to slow down, not speed up, is one of the most reliable behavioral shifts available. Legitimate urgent requests can usually survive a brief delay. Fraudulent ones depend on the delay not happening.

The role of technology

Technology cannot stop this category of fraud at the point of detection. A valid user, using valid credentials, completing an authorized action looks identical to the same user doing so under deception.

What technology can do is support the structural safeguards. Flagging first-time payees, surfacing changes to payment details, requiring confirmation for high-value transactions, or identifying deviations from established patterns — none of these prevent fraud directly, but they prompt the human review that does.
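As an added illustration (not code from the article or from any product), the three interventions above and the flags just described can be combined into one pre-release check that holds a payment for human review. The field names, the 24-hour cooling-off window and the $10,000 high-value threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HIGH_VALUE = 10_000                 # assumed threshold, not from the article
COOLING_OFF = timedelta(hours=24)   # assumed delay, not from the article

@dataclass
class Vendor:
    paid_before: bool
    # Set when bank details changed since the last completed payment.
    bank_changed_at: Optional[datetime] = None
    change_requested_via: Optional[str] = None   # channel the request came in on
    change_verified_via: Optional[str] = None    # channel used to confirm it

@dataclass
class Payment:
    vendor: Vendor
    amount: float
    requested_by: str
    requested_at: datetime
    approvers: set = field(default_factory=set)
    marked_urgent: bool = False

def release_blockers(p: Payment, now: datetime) -> list:
    """Return the reasons this payment must be held for human review."""
    v, blockers = p.vendor, []
    first_time, changed = not v.paid_before, v.bank_changed_at is not None
    # Independent verification: confirmation must not reuse the request's channel.
    if changed and v.change_verified_via in (None, v.change_requested_via):
        blockers.append("bank-change-not-independently-verified")
    # Workflow friction: delay first-time payments and changed accounts.
    hold_from = v.bank_changed_at if changed else (p.requested_at if first_time else None)
    if hold_from is not None and now - hold_from < COOLING_OFF:
        blockers.append("cooling-off-window-open")
    # Multiple approval points: the requester never counts as an approver.
    needed = 2 if (first_time or changed or p.amount >= HIGH_VALUE) else 1
    if len(p.approvers - {p.requested_by}) < needed:
        blockers.append(f"needs-{needed}-independent-approvers")
    # Urgency is surfaced to the reviewer; it never waives a control.
    if p.marked_urgent and blockers:
        blockers.append("urgent-flag-review-do-not-expedite")
    return blockers

# Constructed sample: emailed bank change, "confirmed" by replying to the same email.
NOW = datetime(2026, 1, 15, 12, 0)
risky = Payment(Vendor(True, NOW - timedelta(hours=2), "email", "email"),
                48_000, "alice", NOW, {"alice"}, marked_urgent=True)
print(release_blockers(risky, NOW))
```

An empty list means the payment can proceed. The same payment clears once the change has been confirmed on a different channel, the window has elapsed and two people other than the requester have signed off.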

AI is already improving the scale and quality of fraud attempts. The FBI recorded more than 22,000 AI-related complaints in 2025, with losses approaching $900 million. The impact is not that AI creates new types of fraud. It makes existing ones more convincing and easier to execute.

What individuals can do

For individuals, the clearest safeguards follow a consistent pattern.

Verify unexpected requests through a channel you initiated, not one provided in the request itself. That applies to calls from banks, messages from employers, and instructions from suppliers alike. The FTC’s consumer guidance on scams offers a practical starting point.

Treat investment opportunities with skepticism proportional to their returns. The cases driving the largest individual losses in the FBI’s data involve platforms showing consistent, attractive gains before a withdrawal is blocked or a further payment demanded. If returns look reliable, the platform should withstand scrutiny from an independent source.

Slow down on anything involving cryptocurrency or irreversible payment methods. These are not inherently fraudulent, but fraudsters prefer them precisely because the transactions cannot be recalled.

What organizations can do

For organizations, the FBI’s data makes the same point: closing one vulnerability in isolation only leads criminals to adapt and exploit others. The response needs to be systemic, not reactive.

That means designing payment workflows that do not rely on a single point of approval, treating any change to banking details or supplier information as inherently high-risk, and supporting verification processes that are independent of the original request. Security teams are not positioned to stop these scams at the network level. Their role is to support systems that make risky decisions harder to execute without scrutiny.

The pattern is predictable. So is the fix.

The FBI’s 2025 data does not describe a problem that will be solved by a single control, product, or policy. The losses are too diverse, the methods too varied, and the targets too broadly distributed across roles, ages, and contexts.

What the data does make clear is that the failures are not random. They cluster around the same moments, the same process gaps, and the same misplaced trust in speed over verification. The fraud is professional and consistent. The response is not.

None of this requires new technology. It requires applying control at the points where losses actually occur. Until that happens consistently, the same patterns in the data will continue.

Sources

FBI Internet Crime Report 2025; FBI Cryptocurrency and AI Scams; FTC Scams

About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, the company originally built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to global government agencies, Fortune 2000 companies, and healthcare companies. Visit www.networktigers.com

Katrina Boydon
Katrina Boydon is a veteran technology writer and editor known for turning complex ideas into clear, readable insights. She embraces AI as a helpful tool but keeps the editing, and the skepticism, firmly human.
