United States & North America - Specific Scams & Legal Context
The United States lost $12.5 billion to internet crime in 2023. The most expensive scams are not the most obvious ones.
The Call That Cost $23,000
Margaret, 71, received a phone call in January 2024.
The caller said he was from Social Security. Her Social Security number had been linked to a drug trafficking case in Texas. She would be arrested unless she cooperated with their investigation. To protect her assets, she needed to convert her savings to gold bars and hand them to a federal agent at her home.
She did this twice. The second "agent" collected $23,000 in gold bars from her front door.
The Social Security Administration confirmed: they never call to warn you about your SSN being compromised. They contact you by letter.
The Numbers
$12.5 billion
in losses reported to the FBI IC3 in 2023.
880,418 complaints filed. Investment fraud ($4.57B) and Business Email Compromise ($2.9B) drove the largest losses. Actual losses are estimated at 6-7x the reported figure.
Source: FBI IC3 Annual Report, 2024Over-60s Lost $3.4 Billion in 2023
Adults over 60 are the most targeted age group by total loss. Tech support scams, investment fraud, and government impersonation are the three primary methods. Average loss per victim over 60: $33,915.
FBI Recovered $433 Million in 2023
The FBI's Recovery Asset Team successfully froze or recovered $433 million in 2023. Same-day reporting to IC3 is the single most important factor in recovery success.
US-Specific Scam Patterns
IRS and Tax Impersonation
Scammers call or email claiming to be the IRS. They say you owe back taxes and will be arrested if you do not pay immediately by gift card, wire, or cryptocurrency.
What the IRS actually does: The IRS contacts you by US mail first. They never demand immediate payment without allowing you to question the amount. They never require gift cards. They never threaten immediate arrest for tax debt.
Social Security and Medicare Fraud
Two distinct patterns:
- SSN suspension: Caller claims your SSN has been suspended or linked to crime. Asks you to move assets.
- Medicare fraud: Fake Medicare plans, billing for services not received, or callers offering free equipment in exchange for your Medicare number.
The rules: SSA does not suspend SSNs. Medicare does not call unsolicited to offer equipment. Never give your Medicare number to an unsolicited caller.
ACH Fraud, Wire Transfer, and BEC
Business Email Compromise (BEC) is the highest-loss fraud type in the US. Attackers impersonate suppliers or executives and instruct a target to wire funds to a new account. The average BEC loss per incident exceeds $125,000.
The one-step prevention: Always verify any change in bank details by calling the supplier directly - using a number you already have, not one provided in the email requesting the change.
Credit Reporting Fraud
Identity thieves use stolen SSNs to open credit accounts. A free security freeze at all three bureaus (Equifax, Experian, TransUnion) prevents new credit being opened in your name. It does not affect your existing accounts or credit score.
Federal Reporting Structure
| Agency | What to Report | Contact |
|---|---|---|
| FBI IC3 | Internet crime, BEC, investment fraud, wire fraud | ic3.gov |
| FTC | Consumer fraud, impersonation, identity theft | ReportFraud.ftc.gov |
| SSA OIG | Social Security fraud and impersonation | oig.ssa.gov |
| HHS OIG | Medicare and Medicaid fraud | oig.hhs.gov |
| CFPB | Financial product fraud, bank complaints | consumerfinance.gov/complaint |
| State AG | State-level fraud | naag.org |
State-Specific Cybercrime Laws
Federal law covers internet crime nationwide, but states add significant protections. Key examples:
| State | Key Law | What It Adds |
|---|---|---|
| California | CCPA / CPRA (2023) | Strongest consumer data rights in the US - right to know, delete, and opt out of data sale |
| New York | SHIELD Act (2020) | Broadest data breach notification requirement; covers any business with NY residents' data |
| Texas | Texas Data Privacy and Security Act (2024) | Opt-out rights for data sale; sensitive data requires opt-in consent |
| Virginia | CDPA (2023) | Consumer data access, correction, and deletion rights; controller accountability |
| Illinois | BIPA (2008) | Biometric data collection requires written consent; statutory damages of $1,000-$5,000 per violation |
For state-level cybercrime reporting: Contact your State Attorney General at naag.org. Many states have dedicated cybercrime or elder fraud units with authority to pursue local operators that federal agencies cannot prioritise.
US Scam Response Kit
Select the scam type you experienced. Get the exact federal reporting path and time-critical steps.
Three Things Worth Knowing
1. Report wire fraud to IC3 the same day. The FBI's Recovery Asset Team can contact the receiving bank and freeze funds if you report quickly. Same-day reports have significantly higher recovery rates than 48-hour reports.
2. A credit freeze is free and immediate. Free at all three bureaus. Does not affect existing accounts or your credit score. You can lift it temporarily for a loan application and refreeze in minutes. If your SSN has ever been exposed in a breach, this is worth doing now.
3. State attorneys general handle what the FTC cannot. For smaller-dollar scams or local operators, your State AG's consumer protection division is often more effective than federal agencies. Many states have dedicated elder fraud units. Find yours at naag.org.
One Question Before You Continue
Margaret handed $23,000 in gold bars to a stranger at her door, believing he was a federal agent protecting her assets during a Social Security investigation. Which single piece of knowledge would have prevented this?