AI-enabled fraud and impersonation: what IAM teams need to act on


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: The FBI’s 2025 IC3 report recorded $20.877 billion in cybercrime losses, with 85% tied to cyber-enabled fraud and $893 million linked to AI-related complaints, underscoring how AI is amplifying impersonation, BEC, and persistent fraud campaigns, according to Abnormal AI’s analysis of the report. Identity and access programmes now have to treat behavioural trust, not just technical compromise, as the primary control surface.

NHIMG editorial — based on content published by Abnormal AI: FBI IC3 2025 cybercrime report analysis and AI-driven fraud findings

By the numbers:

Questions worth separating out

Q: How should security teams respond when AI makes business email compromise harder to spot?

A: Teams should move beyond message inspection and verify the requester, the channel, and the business context before allowing action.

Q: Why do AI-enabled impersonation attacks create a human identity governance problem?

A: Because the attack succeeds by manipulating trust decisions made by people inside legitimate processes.

Q: What breaks when fraud detection relies only on known-bad indicators?

A: Known-bad indicators miss attacks that are newly generated, context-specific, and conversational.

Practitioner guidance

  • Tighten verification on high-risk approval paths: Require out-of-band verification for payment, payroll, vendor bank detail, and privileged access changes, with a verified second channel before execution.
  • Baseline communication patterns by role: Model normal sender, recipient, timing, and escalation patterns for executives, finance teams, and suppliers so deviations can trigger review before action is taken.
  • Rework fraud controls around conversation sequences: Detect multi-step interaction patterns, not just suspicious messages, because AI-assisted fraud often starts with a plausible opening and escalates through follow-up pressure.

What's in the full analysis

Abnormal AI's full analysis covers the operational detail this post intentionally leaves for the source:

  • FBI IC3 loss breakdowns by fraud category, including the specific AI-related complaint totals and loss figures.
  • Abnormal AI's examples of how AI changes BEC execution quality across email and voice-based impersonation.
  • Behavioural detection patterns used to distinguish normal communication from AI-assisted fraud.
  • The report's recommended defensive posture for organisations responding to AI-driven impersonation and social engineering.

👉 Read Abnormal AI's analysis of AI-driven cybercrime and impersonation risk →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

AI-driven fraud is now an identity problem, not just a content problem. The report shows attackers winning by manipulating trust signals that sit around the identity layer, including tone, context, and timing. That means human identity assurance and workflow validation are now part of fraud defence, not separate disciplines. Security teams should treat behavioural trust as a governed control surface, not a soft signal.

A few things that frame the scale:

  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • Organisations maintain an average of 6 distinct secrets manager instances, which fragments control and complicates consistent governance across environments.

A question worth separating out:

Q: How can organisations reduce BEC risk without slowing legitimate work?

A: Use risk-based verification for high-value transactions, privileged changes, and sensitive requests rather than applying the same friction everywhere. The goal is to make high-impact actions harder to fake while keeping routine work efficient. That means stronger validation where trust has financial consequence.

👉 Read our full editorial: AI-enabled fraud is reshaping cybercrime losses and identity trust



   