A landmark Aspen Institute report reveals the staggering scale of online fraud losses and makes the case that only proactive disruption can shift the economics back in defenders’ favor.
The Aspen Institute has spent decades convening experts to address challenges that cross institutional boundaries, from climate policy to economic inequality to threats against democracy. In September 2025, its National Task Force on Fraud and Scam Prevention turned that model toward a problem that has quietly grown into a national security crisis: online fraud.
The scale of what they found is staggering. Digital scams now cost American households $158 billion a year, more than $430 million stolen every day. The proceeds flow to transnational criminal organizations operating from overseas safe havens, funding drug trafficking, human trafficking, and hostile state operations. Roughly 50 million Americans, one in five adults, have lost money to an online scam. And despite all of this, the United States has no coordinated national strategy to address it.
The resulting report, United We Stand, assembled more than 300 experts from 80 organizations across government, financial services, telecommunications, and consumer advocacy. It proposes 47 recommendations and over 100 practical next steps. For organizations already fighting brand impersonation and account takeover fraud, the report’s central argument will be familiar: reactive defense has failed, and the question now is what replaces it.
The scale of a crisis without a playbook
What distinguishes online fraud from other crime categories is the speed of its acceleration. Fraud losses reported to the FBI have increased fifteen-fold over the past decade. The FTC recorded $2.95 billion in impersonation-related losses in 2024 alone. In surveys measuring crime fear, scams now rank second only to identity theft, ahead of burglary, mugging, and every form of property crime. The problem has outgrown the institutions designed to address it.
The response remains fragmented in ways that benefit attackers. Victims often don’t know where to report crimes, and even when they do, they encounter government databases that can’t accept automated submissions. Major federal systems still require manual PDF uploads. The FBI’s IC3 and the FTC’s Sentinel operate in separate silos, and the intelligence that financial institutions, telecom providers, and digital platforms gather about active account takeover campaigns rarely flows between sectors quickly enough to matter.
Scam operators have learned to exploit this institutional chaos. Every hour of confusion between detection and coordinated response is another hour of uninterrupted revenue.
How AI changed the fraud calculus
The economics of online fraud have shifted decisively toward attackers. Generative AI has eliminated the friction that once constrained scam operations: the bad grammar, the clumsy design, the obvious tells that trained consumers to spot deception. A single operator with the right tools can now produce linguistically flawless phishing content, clone executive voices for deepfake vishing attacks, and generate localized scam pages targeting specific brands, all within minutes.
The Aspen report describes this as “ever-faster and more powerful forms of criminal deceit,” and the infrastructure supporting these operations has matured accordingly. Phishing-as-a-service platforms sell ready-made scam kits complete with templates and customer support, while cryptocurrency has streamlined the money laundering pipeline in ways that make stolen funds faster to move and harder to trace.
Defenders, meanwhile, remain largely bound to manual workflows, responding to fraud after it happens rather than intercepting it during execution. When attackers operate at machine speed and defenders respond at human speed, the outcome becomes predictable: by the time a scam is detected and reported, most of the damage is already done.
From reactive defense to fraud disruption
The report’s strategic contribution lies in reframing how success should be measured. Rather than evaluating defense by how quickly organizations respond after fraud occurs, the Aspen framework calls for breaking the scam business model itself, making operations unprofitable and risky before victims are ever reached.
In practice, this means dismantling fraudulent infrastructure while campaigns are still being assembled, not after customer complaints arrive. It means poisoning the data that scammers collect so that stolen credentials lose their value in underground markets. It means sharing threat intelligence across sectors in real time, so that a scam detected by one financial institution doesn’t proceed to target customers of the next.
The report points to Australia’s scam prevention framework as a model worth studying. There, companies face explicit obligations to detect and disrupt scam activity based on actionable intelligence. The Aspen recommendations also include “good Samaritan” liability protections for companies that act in good faith to block scams, addressing the legal uncertainty that currently discourages many organizations from taking aggressive preemptive action.
For security leaders accustomed to evaluating brand protection vendors on takedown speed and coverage, this framework raises the bar. The question becomes not just how fast a fraudulent site comes down, but whether your defensive posture actually disrupts the economics of the attack.
What coordinated defense requires
Scammers exploit seams between institutions, which means effective defense requires connecting the sectors they target: banking, telecommunications, digital platforms, social media, and payments. The report’s most concrete recommendations include modernizing federal reporting systems with APIs for bulk data submission, establishing a unified national reporting portal, and creating cross-sector intelligence-sharing mechanisms that operate at the speed fraud demands.
Congress and the White House are urged to declare scam prevention a national priority. Corporate leaders are asked to maintain anti-scam policies that go beyond compliance minimums and actively suppress fraud at every stage of its lifecycle. The romance scam epidemic, where victims lost $12.4 billion to pig butchering and relationship-based fraud, demonstrates how rapidly these schemes scale when platform defenses and institutional coordination fail to keep pace.
Consider what happens today when a bank detects a credential harvesting campaign targeting its customers. There is no efficient mechanism to alert the telecom provider delivering the smishing messages, the social media platform hosting the lure ads, or the hosting company serving the phishing page. Every gap in that communication chain becomes a window attackers can exploit, and they have become skilled at operating in the seams between institutions.
The Bottom Line
The Aspen Institute’s report arrives at a moment when the gap between fraud scale and defensive capability has never been wider. The $158 billion figure commands attention, but the more revealing trend may be the fifteen-fold increase in reported losses over a decade, a trajectory that AI-powered scam tools are only accelerating.
What the report gets right is the strategic reframe: treating fraud disruption as an offensive discipline rather than a reactive cleanup process. Organizations that wait for scams to reach their customers before acting are already operating inside the attacker’s decision cycle.
The institutions that will weather this era are building detection capabilities that identify threats during assembly, disruption mechanisms that degrade attacker economics, and intelligence-sharing partnerships that close the gaps between sectors. For security and fraud teams, the measure of a defensive program is no longer how quickly you respond after an incident occurs. It’s whether your capabilities extend far enough upstream to prevent the incident from reaching its targets at all.
Key Takeaways
Online fraud costs American households approximately $158 billion annually, according to the Aspen Institute’s National Task Force on Fraud and Scam Prevention. That translates to more than $430 million stolen per day. Roughly 50 million Americans, or one in five adults, have lost money to an online scam.
The report proposes 47 recommendations including declaring scam prevention a national priority, modernizing federal reporting databases with API access, establishing cross-sector intelligence sharing, and creating liability protections for companies that proactively block scams. It calls for a shift from reactive fraud remediation to proactive disruption of scam business models.
Generative AI has eliminated the traditional friction in scam operations by enabling flawless phishing content, voice cloning, and localized scam pages at minimal cost. Combined with phishing-as-a-service platforms and cryptocurrency laundering, AI allows attackers to operate at machine speed while most defenders still rely on manual, reactive workflows.
Most fraud damage occurs within hours of a scam launching. If defenders wait for customer complaints, reports, or blacklist updates before acting, the majority of victims have already been compromised. The Aspen report argues that defense must shift to proactive disruption, including dismantling infrastructure during assembly and poisoning stolen data to reduce its underground market value.
A whole-of-ecosystem approach connects all sectors that scammers exploit, including banking, telecom, digital platforms, social media, and payments, through shared intelligence and coordinated action. Currently, fraud intelligence stays siloed within individual institutions, giving attackers time to exploit gaps between sectors. The Aspen report calls for unified reporting portals and cross-sector data-sharing mechanisms.
