Cybercrime

US FTC reveals record losses from imposter scams in 2025

The US Federal Trade Commission said consumers reported losing $3.5 billion to imposter scams in 2025, nearly tripling from 2020.

The FTC said imposter scams were the most reported fraud category last year, accounting for nearly one in three fraud reports. Consumers were targeted through text messages, phone calls, email, social media, search engine results and other channels.

Some of the costliest scams began with fake security alerts that often appeared to come from banks. Victims were persuaded to move money to ‘protect’ it, with losses often limited only by the funds they had available.

Consumers reported losing nearly $1 billion to business impersonators in 2025, with the highest losses linked to bank impersonators. Reported losses to government impersonators reached about $920 million, up from $789 million in 2024.

The figures form part of a wider rise in reported fraud losses. The FTC said consumers reported losing about $16 billion to all types of fraud in 2025, the highest figure on record and around 25% higher than in 2024.

The data were released as the FTC, the Department of Justice, the Department of Health and Human Services and members of the Elder Justice Coordinating Council launched the Never Ever campaign. The public-private campaign aims to raise awareness of government and business imposter scams, including scams affecting older adults.

The FTC also pointed to its 2024 Impersonation Rule, which gives the agency stronger tools to pursue scammers impersonating government agencies and businesses. Since the rule was finalised, the FTC said it has brought a dozen enforcement actions and obtained more than $70 million in redress for consumers.

Why does it matter?

Imposter scams exploit trust in digital communications, financial institutions and government services. Fake bank alerts, official-looking messages and multi-channel fraud campaigns can push consumers to act quickly and transfer money before they verify the request. The FTC’s response shows how consumer protection is increasingly combining fraud data, enforcement tools and public education to address digital trust risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic forced to disable Fable 5 after US directive

Anthropic has disabled access to Claude Fable 5 and Claude Mythos 5 after receiving a US government export control directive citing national security authorities.

The company said the directive requires it to suspend access to the models by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. Anthropic said the practical effect is that it must remove access to Fable 5 and Mythos 5 for all customers to ensure compliance. Access to its other models is not affected.

According to Anthropic, it received the directive on 12 June at 5:21 p.m. ET. The company said the order did not provide specific details of the national security concern, but that it understands the government believes it has become aware of a method for bypassing, or jailbreaking, Fable 5.

Anthropic said it reviewed a demonstration of the technique being used to identify a small number of previously known minor vulnerabilities. The company argued that those vulnerabilities appeared relatively simple and could also be identified by other publicly available models without requiring a bypass.

Anthropic said Fable 5 had been red-teamed before launch by its internal teams, the US government, the UK AI Safety Institute and third-party organisations. The company said no tester had found a universal jailbreak capable of broadly bypassing the model’s safeguards.

The company said it is complying with the directive but disagrees that a narrow potential jailbreak should justify recalling a commercial model. It also argued that applying such a standard across the industry could effectively halt new frontier model deployments.

Anthropic said governments should be able to block unsafe AI deployments through a transparent and technically grounded statutory process, but said the current action does not meet those principles. The company said it is working to restore access as soon as possible.

Why does it matter?

The case shows how national security and export-control powers can directly affect access to frontier AI systems after deployment. It raises a major governance question: when should governments be able to suspend access to advanced models, and what evidence, transparency and due-process safeguards should apply? The dispute also highlights the growing tension between frontier AI safety, commercial deployment, cross-border access and government intervention in dual-use technologies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol warns of rising online exploitation of minors

Europol has warned that criminal networks are increasingly using digital platforms to target, manipulate and recruit minors into criminal activity.

The agency said offenders exploit online environments, including dark web portals, social media networks, games and e-commerce platforms, which can offer anonymity, reach and operational efficiency. Europol and the EU member states have observed growing use of these digital tools to target and recruit minors.

According to Europol, young people are being drawn into offences including cyberattacks, drug distribution, online fraud and money laundering. In some cases, minors are also exposed to extremist ideologies, manipulation and pressure from online communities.

Europol said digital tools have made recruitment easier to scale and harder to detect. Minors may initially be approached as victims, but can later be pressured into carrying out further offences, increasing both the harm to the child and the reach of criminal networks.

The agency said it is working with the EU member states and international partners to strengthen intelligence sharing, operational support and the disruption of criminal groups. Prevention efforts also include awareness-raising and guidance for parents, educators and communities to help identify risks and support vulnerable minors.

Why does it matter?

The warning shows how child safety and organised crime are increasingly overlapping in online spaces. Social media, gaming environments, e-commerce platforms and dark web channels can be used not only to exploit minors, but also to recruit them into cybercrime, fraud, drug distribution or extremist networks. That creates a governance challenge for law enforcement, schools, parents and platforms, especially where manipulation, anonymity and cross-border digital services make early detection difficult.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

EPRS reveals critical Cybersecurity Act impact assessment gaps

The European Parliamentary Research Service has published an initial appraisal of the European Commission’s impact assessment for the proposed revision of the Cybersecurity Act, finding that the Commission makes a strong case for reform while leaving several analytical gaps.

The Commission proposed the revision on 20 January 2026, alongside a directive on simplification measures under the NIS2 Directive. The proposals were referred to the European Parliament’s Committee on Industry, Research and Energy.

The package covers ENISA’s mandate, the European Cybersecurity Certification Framework, NIS2 compliance simplification and a proposed EU-level framework for ICT supply chain security. EPRS said the impact assessment responds to a more complex cybersecurity landscape, stalled implementation of certification rules, fragmented compliance requirements and growing supply chain risks.

The briefing found that the Commission’s assessment effectively substantiates the need to revise the Cybersecurity Act. It praised the problem definition, intervention logic, use of qualitative and quantitative analysis, SME test, competitiveness check and transparency around evidence and methodology.

However, EPRS also identified weaknesses. It said the assessment lacks operational objectives, does not include a subsidiarity grid despite the initiative’s political significance, and has no distinct proportionality section. The briefing also questioned whether some policy options are sufficiently distinct, noting that they appear partly cumulative.

EPRS said stakeholder consultation feedback could have been reflected more clearly, especially in the analysis of policy options, impacts and the preferred approach. It also noted that the Regulatory Scrutiny Board first issued a negative opinion on the draft impact assessment, then later issued a positive opinion with reservations.

The briefing concluded that the Commission’s legislative proposals are mostly aligned with the preferred options in the impact assessment, although some issues remain.

Why does it matter?

The Cybersecurity Act revision could reshape several pillars of the EU cyber policy at once, including ENISA’s role, cybersecurity certification, NIS2 compliance and ICT supply chain security. EPRS’s appraisal matters because it provides lawmakers with an early quality check of the evidence underpinning the Commission’s proposal. The briefing suggests the policy case for reform is strong, but also highlights gaps that may become important during parliamentary scrutiny, especially around proportionality, subsidiarity and the design of policy options.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyber Europe 2026 tests EU response to large-scale cyber crises

The EU Agency for Cybersecurity has led Cyber Europe 2026, a two-day exercise testing Europe’s response to large-scale cyberattacks on rail and maritime transport networks.

The exercise, held on 10 and 11 June, brought together more than 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sector organisations, the EU entities and industry. It was designed to strengthen cyber preparedness and test the continuity of essential services during a major crisis affecting interconnected transport systems.

The scenario simulated coordinated attacks on critical maritime and railway infrastructure across Europe. Port logistics and navigation systems were compromised, cargo movements were halted, and safety risks emerged. Railway networks were also disrupted, with cross-border trains frozen and passengers and supplies delayed.

Participants also had to respond to ransomware attacks affecting transport authorities and ticketing services, as well as exposure of sensitive passenger and emergency information. ENISA said the scenario required information-sharing and coordination at technical, operational and political levels.

Cyber Europe 2026 also tested the EU Cybersecurity Blueprint, revised in 2025 to strengthen crisis management for large-scale incidents. For the first time, the EU Cybersecurity Reserve was tested under Cyber Europe, using a scenario that required participants to follow ENISA procedures for activating incident response support under the mechanism.

ENISA said findings from the exercise will be analysed in after-action reports to identify weaknesses and improve Europe’s preparedness and response processes.

Why does it matter?

The exercise shows how cyber incidents affecting transport infrastructure can quickly move beyond technical disruption into broader economic, safety and crisis-management risks. Ports, railways, logistics systems, ticketing platforms and navigation tools are increasingly interconnected, often combining legacy operational technology with modern digital systems. Testing EU-level coordination matters because attacks on transport networks can affect trade, military mobility, emergency response and public trust across borders.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Singapore warns of Microsoft impersonation scams causing major losses

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have warned the public about technical support scams that impersonate Microsoft. Authorities said at least 10 cases had been reported since February 2026, with total losses exceeding S$1.7 million.

In this scam variant, victims typically encounter a pop-up alert in their web browser. The alert falsely appears to originate from Microsoft and claims that the user’s device has been hacked or compromised.

Victims are then instructed to contact a so-called technical support officer through an internet-based phone number. After making contact, victims may be transferred to another scammer posing as a police officer, who claims that their device has been used for criminal activities such as money laundering.

Authorities in Singapore said victims may be instructed to make bank transfers, provide banking credentials, or grant remote access to their devices. In some cases, scammers asked victims to download remote access applications or click links that allowed them to take control of bank accounts.

SPF and CSA advised members of the public to verify alerts through official software provider channels. They noted that Microsoft does not include phone numbers in error or warning messages, and that users should not call numbers displayed in suspicious pop-ups or click links or buttons within such alerts.

People who believe they have fallen victim to the scam are advised to disconnect their computer from the internet, contact their bank, remove applications installed under the scammer’s instructions, and run an anti-virus scan. They should also change passwords and banking credentials using a trusted device, remove unauthorised payees, and report the incident to the police and CSA’s SingCERT.

Why does it matter?

Technical support scams remain one of the most effective forms of cyber-enabled fraud because they combine social engineering, impersonation and remote access techniques. By exploiting trust in well-known brands such as Microsoft and creating a sense of urgency, scammers can persuade victims to hand over sensitive information or direct access to their devices.

The cases also highlight how cybersecurity and financial security are increasingly interconnected. Basic cyber hygiene practices, such as verifying security alerts through official channels, avoiding unsolicited remote access requests and reporting incidents quickly, can help prevent account compromise and reduce financial losses.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Europol-backed operation dismantles crypto laundering service used by ransomware gangs

An international law enforcement operation has dismantled a cryptocurrency laundering service allegedly used by ransomware gangs and cybercriminal networks to process more than €336 million in illicit funds.

The platform, known as ‘AudiA6’, is suspected of laundering proceeds from ransomware attacks, large-scale cryptocurrency thefts and other cybercrime activity between 2022 and 2025. Europol said the service was linked through its analysis to more than 15 international cybercrime investigations.

The coordinated action, supported by Europol and Eurojust, led to the arrest of two alleged administrators in Georgia. Authorities also took down 25 domains, seized more than 30 servers, blocked Telegram accounts used by the network and froze or seized cryptocurrency assets worth more than €778,000.

Investigators allege that the service used thousands of fraudulent exchange accounts created with stolen or purchased identities. Criminal clients allegedly transferred cryptocurrency to wallets controlled by the group and received laundered funds through complex transaction chains designed to obscure the money trail.

Authorities also confiscated more than 80 vehicles and several properties in Georgia. Europol said the case highlights how specialised money laundering services help sustain ransomware and other forms of cybercrime by making it easier for criminal groups to cash out stolen digital assets.

Why does it matter?

Crypto laundering services are a key part of the cybercrime economy because they allow ransomware groups and other attackers to turn stolen digital assets into usable funds. Disrupting such infrastructure can weaken criminal business models. Still, the case also shows why cybercrime investigations increasingly require cooperation between cyber units, financial investigators, prosecutors, crypto exchanges and cross-border law enforcement agencies.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

UN Cybercrime Convention Protocol talks reveal competing visions

The process of developing a supplementary protocol to the UN Convention against Cybercrime has begun, with early state submissions already showing competing views over its scope and timing.

The Ad Hoc Committee Secretariat invited preliminary written inputs on the possible scope, objectives and structure of a draft protocol supplementary to the Convention, also known as the ‘Hanoi Convention’. The mandate follows UN General Assembly resolution 79/243, which asked the Committee to negotiate a draft protocol addressing, among other issues, additional criminal offences.

The United States questioned the exercise’s premise, arguing that discussions on a supplementary protocol are premature because the Convention has not yet entered into force and its implementation has not yet been tested. Washington called for the Committee first to address whether a protocol is needed at all before discussing its scope, objectives and structure.

Russia, by contrast, submitted a draft protocol text covering a broad range of offences, including terrorism financing, extremism, arms and drug trafficking, critical information infrastructure, unauthorised access to personal data and crimes involving AI. The proposal reflects a wider approach to criminalisation, including content-related offences that are likely to be contested by states concerned about overreach, legal certainty and human rights safeguards.

Other early submissions appear more cautious. Brazil, Nigeria, and Ecuador broadly support advancing the protocol process, while signalling the need to limit its scope and maintain attention to safeguards. Brazil warned against including offences where there is insufficient international consensus, while Ecuador proposed a structure that includes emerging offences, digital evidence, public-private cooperation, proportionality and human rights.

The early inputs point to a familiar divide in UN cybercrime negotiations: whether the treaty framework should remain focused on classical cybercrime, electronic evidence and criminal justice cooperation, or expand further into content-based offences, national security concerns and politically sensitive forms of online conduct.

Why does it matter?

A supplementary protocol could shape the evolution of the UN cybercrime framework after the adoption of the main Convention. If states use the protocol to add broad or content-related offences, the treaty system could move beyond core cybercrime and electronic evidence cooperation into areas with direct implications for freedom of expression, human rights safeguards, political speech, platform governance and state sovereignty. The early submissions suggest that those unresolved tensions are already resurfacing before the Convention has entered into force.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google highlights rising online scam threats

Google has warned that online scams remain a major global challenge, citing estimates that fraud losses could reach nearly $580 billion in 2025.

In its latest fraud and scams advisory, the company said phishing attacks are becoming more sophisticated, with criminals using adversary-in-the-middle techniques and QR code phishing, also known as quishing, to steal credentials and bypass security measures.

The advisory also highlighted risks linked to cryptocurrency investment scams, malicious finance applications and police impersonation schemes. According to Google, scammers are using AI, social engineering and trusted digital services to deceive users, obtain money and collect sensitive information.

Google said its Trust & Safety teams are using AI tools, predictive analytics and policy enforcement to detect and disrupt fraudulent activity across its services. The company also pointed to measures such as stronger protections for session cookies, enforcement against deceptive crypto ads, monitoring of post-installation app behaviour and developer identity verification for apps installed on certified Android devices.

The company urged users to be cautious of unsolicited communications, unrealistic investment promises, unexpected QR codes and requests for personal or financial information.

Why does it matter?

The advisory shows how online fraud is becoming a cross-platform governance problem rather than a narrow cybersecurity issue. Scams now rely on trusted cloud services, mobile apps, messaging platforms, crypto infrastructure and impersonation of public authorities. That creates pressure on major technology companies to strengthen detection, app accountability and policy enforcement, while raising broader questions about consumer protection, platform responsibility and digital trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Crypto mixers gain recognition in US Treasury assessment

The US Treasury Department has acknowledged that cryptocurrency mixers may have lawful privacy uses, while warning that such tools remain vulnerable to abuse by illicit actors.

In a March 2026 report to Congress on innovative technologies to counter illicit finance involving digital assets, Treasury said lawful users may rely on mixers to protect sensitive financial information when transacting on public blockchains. The report said users may seek to conceal details about personal wealth, business payments, charitable donations or consumer spending habits.

Treasury distinguished between custodial digital asset services, including custodial mixers, and decentralised or non-custodial mechanisms that can operate without a central intermediary. Custodial services that accept and transmit value may be required to register with the Financial Crimes Enforcement Network as money services businesses, maintain records and file suspicious activity reports.

The report nevertheless stressed that criminals commonly use mixers, bridges and swaps to make illicit digital asset flows harder to trace. Treasury said mixing is frequently used by North Korea-linked cyber actors, money launderers, ransomware actors and darknet market participants.

Treasury also warned that stablecoins can form part of complex laundering processes involving mixers and other obfuscation techniques. According to the report, illicit actors may move stolen or fraud-linked assets through mixers and then swap them into stablecoins to break the traceable link to the original criminal activity.

The assessment was prepared under the GENIUS Act, which required the Treasury to examine innovative tools for countering illicit finance involving digital assets, including the role of mixers, tumblers and similar services.

Why does it matter?

The report shows the regulatory tension at the centre of digital asset policy: privacy tools can protect legitimate users on transparent public blockchains, but the same tools can also weaken AML/CFT controls, sanctions enforcement and law enforcement tracing. Treasury’s framing matters because future rules on mixers, DeFi, blockchain analytics and stablecoin compliance will need to balance financial privacy with security and illicit finance risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!  

Diplo chatbot can make mistakes. Consider checking important information.