Ransomware and other cyberattacks represent a tiny fraction of the fraud complaints that Americans file with the Federal Trade Commission, the FTC said in a report published on Friday.
The newly released data, contained in an annual report mandated by Congress, underscore the fact that other schemes, such as tech-support scams, are a more persistent threat to consumers and should be top of mind for businesses hoping to avoid their own potential security incidents.
“Imposter scams — a general category of fraud complaints where someone pretends to be a trusted person to get consumers to send money or give personal information — are the most common category of fraud reported by consumers since July 1, 2023,” the FTC said in its report.
Tech-support scams are a consistent presence in the FTC’s data, although the commission said they pale in comparison to other impostor scam reports. Since July 2023, less than 3% of all fraud reports concerned tech-support scams, with only 11% of the scams originating from outside the U.S. “It may be that consumers report a U.S. source because the scam often involves impersonating well known U.S. technology companies,” the FTC said.
As for ransomware and other malware-based attacks, the FTC said it had received roughly 128,000 reports of such attacks between July 2023 and July 2025, accounting for less than 3% of all fraud complaints. “As a general matter, the FTC receives few complaints about ransomware or other computer exploits, especially when compared to other types of reported fraud,” the commission said.
Roughly one-fifth of the malware complaints alleged a foreign source, with the Philippines and Nigeria appearing most frequently.
The FTC received more than five million fraud complaints in total between July 2023 and July 2025, with roughly 11% of them originating from foreign sources.
Lesson for businesses
While the FTC’s report emphasizes the consumer-protection implications of the data, the agency has also been warning businesses about protecting their information from hackers and scammers.
In the report, the commission highlighted its business education program, which contains guidance on avoiding ransomware attacks, scams and other cyber incidents. The resources include blog posts with tips, a video on ransomware prevention and a quiz to test employees’ preparedness.
“Businesses often serve as the front-line defenses against cyber attacks and are responsible for engaging in reasonable practices to safeguard consumer data,” the FTC said in its new report. “As a result, one of the most important ways to fight ransomware attacks is for businesses to take reasonable and appropriate steps to protect themselves and the data in their possession.”
To avoid ransomware attacks, the FTC said, businesses should thoroughly train employees to recognize suspicious emails, improve authentication requirements for email and other systems, deploy intrusion-detection software and perform regular data backups.
International cooperation
To support its work combating harmful and fraudulent conduct, the FTC regularly coordinates with foreign partners to gather data and investigate violators. As part of the FTC’s annual reports, Congress requires the agency to include information about cooperation with the U.S.’s major cyber adversaries — Russia, China, Iran and North Korea — on data security protection and enforcement activities.
The FTC has not interacted with Iran or North Korea and has had only “limited interactions” with Russian and Chinese counterparts over the past few years, according to the new report, with “little or no direct enforcement cooperation on ransomware or cyber-related attacks.”
FTC employees met informally with representatives from a Chinese consumer protection agency at an international conference in Washington, D.C., in 2024, according to the report. The Chinese officials proposed negotiating an agreement for voluntary investigative cooperation, the FTC said, but “no further engagement on these or other consumer protection topics occurred.”
Legislative push
In its report, the FTC urged Congress to permanently authorize the USA SAFE WEB Act, which authorizes several important forms of international cooperation. “Without SAFE WEB, the FTC’s ability to work with international partners would be significantly curtailed,” the agency said. “A lapse of such legislation would deprive the FTC of its clear authority to pursue fraudulent and other harmful conduct relating to foreign commerce, likely having a dramatic impact on U.S. consumers.”
