Stopping Digital Scams

Consumers lost $12.5 billion to scams in 2024. Imposter scams, for example, were the most commonly reported category and claimed nearly $3 billion. To combat this growing problem, the Federal Trade Commission (FTC) issued a final rule in March 2024 prohibiting anyone from posing as a government or business entity.

Impersonating a government or business has always violated the FTC Act, but the new rule augments the FTC’s ability to seek civil penalties against scammers and monetary relief for consumers.

The FTC obtained consumer redress through Section 13(b) of the FTC Act for decades, securing billions of dollars. In 2021, however, the U.S. Supreme Court held that the provision did not actually authorize the agency to obtain monetary relief. The provision only authorized injunctions.

The 2024 rule solves this problem. By classifying the rule as a trade regulation rule, which defines the prohibited practices upfront, the FTC does not need to prove in an administrative hearing that the conduct was deceptive—only that the conduct violated the rule. This streamlined process allows the agency to go directly to federal court to seek civil penalties and consumer refunds. The rule restores the speed and deterrent power the agency lost after the Supreme Court’s 2021 decision.

The rule declares it unlawful to “materially and falsely” pose as a government entity, officer, business, or business representative, and it bans misrepresenting affiliation or endorsement by any government entity or company. It also targets look-alike websites, spoofed email domains, and deceptive business logos.

In the year since the rule took effect, the FTC has shut down more than a dozen fraudulent websites and brings new enforcement actions against operators posing as government programs, banks, and tech-support services.

Despite these enforcement efforts, digital fraud continues to thrive because scammers use technologies that evolve faster than regulators can keep pace. The FTC warns that companies deploy artificial-intelligence (AI) tools to deceive consumers, including inaccurate “AI lawyers” and a service to generate unlimited fake reviews.

Cryptocurrency also makes scams more difficult to counter. Crypto enables instant, irreversible transfers that are difficult to trace or recover, in part because scammers route stolen funds through overseas exchanges and shell wallets that obscure their origins. The FTC reports that consumers lost more than $1 billion in crypto-based scams in 2024 alone.

Although the new impersonation rule gives the FTC a quicker pathway to seek penalties and refunds, broader gaps remain in the government’s cyber-fraud response. Federal oversight is fragmented across agencies, with no unified strategy for scams that span multiple platforms and payment systems. A recent Government Accountability Office report warns that the United States lacks coordinated data collection and cross-agency enforcement mechanisms—conditions that digital scammers exploit.

In this week’s Saturday Seminar, scholars recommend policy approaches to fighting cybercrime.

• The main challenge in combatting the AI-driven proliferation of cybercrime is awareness, argues Philip Treleaven of the University College London and his coauthors in a paper. Among other uses of technology for illegal ends, the Treleaven team highlights the use of generative AI to write crimeware software and identify potential victims using data analytics. Treleaven and his coauthors explain that policy approaches to cybercrime must balance the value of innovation against the necessity of regulation. The Treleaven team recommends updating law enforcement training and restructuring law enforcement methods to detect and prosecute emerging and novel forms of cybercrime. Treleaven and his coauthors emphasize that although technological advances pose unprecedented challenges, they can also be leveraged to combat crime.
• In a working paper, Lin William Cong of Cornell University and several coauthors explain that cryptocurrency’s pseudonymous architecture makes it extremely difficult for officials to determine who is behind cybercrimes. The Cong team describes how illicit actors move funds through thousands of wallets and use privacy tools that make transactions harder to trace and hinder enforcement efforts. Even sophisticated forensic methods often struggle to keep pace with criminals’ rapidly evolving tactics to hide their tracks, Cong and his coauthors note. The Cong team argues that meaningful oversight will require sustained collaboration between law enforcement agencies and technology companies, emphasizing that authorities need deeper industry partnerships to investigate blockchain-based crimes.
• Victims of fraud are not motivated solely by the magnitude of their financial loss to report their experiences, argues Rouchen Liao of Ball State University and Raghav Rao of the University of Texas San Antonio in a working paper. Liao and Rao distinguish between private action, which occurs when consumers express their dissatisfaction with the fraudulent seller, and public action, which typically involves third parties such as consumer protection agencies or regulatory bodies and may involve litigation. Liao and Rao explain that aggrieved consumers tend to seek private action when losses are high and engagement with the scammer requires little effort, and typically pursue public action when there’s ample evidence of injustice, regardless of the scale of financial losses.
• The United States’s fragmented approach to digital fraud enforcement falls behind Singapore’s more comprehensive regulatory system, argues David Krause of Marquette University in a working paper. Krause notes that federal agencies’ overlapping jurisdiction leads to inconsistent enforcement and creates gaps that scammers can exploit. Krause contends that the system must be centralized to coordinate oversight, strengthen public-private collaboration, and support education efforts that help individuals recognize scams. Krause contrasts the U.S. model with Singapore’s far more effective framework, in which unified oversight, strong data-protection laws, and close cooperation between government and private entities allow regulators to detect and respond to fraud effectively.
• In a working paper, Ekaterina Botchkovar of Northeastern University and several coauthors examine how people on the dark web weigh the risks and rewards of engaging in cybercrime. Drawing on survey responses from 123 users, the Botchkovar team finds that spending time in dark-web communities and having peers involved in cyberoffending makes illicit activity seem safer and more appealing. Botchkovar and her coauthors explain that shifts in perceived legal, financial, and personal risks weaken traditional deterrence, as users come to see cybercrime as low-risk and high-reward. Botchkovar and her coauthors argue that regulators should prioritize more frequent takedowns of dark-web platforms and targeted deterrent messaging to disrupt these risk-minimizing and reward-maximizing decision-making patterns.
• Scott Shackelford of Indiana University and several coauthors chart the evolving cyber-threat landscape, emphasizing risks to institutions, in an article in the University of Miami Law Review. Shackelford and his coauthors note that enterprises face sophisticated attacks—from state-sponsored actors, supply-chain intrusions and ransomware campaigns—that threaten business operations and critical infrastructure. To prevent and mitigate these risks, the Shackelford team contends, firms must adopt a comprehensive governance framework, including board-level oversight and executive accountability. The Shackelford team advises companies to be aware of existing cyberthreats, maintain an organized incident response plan, and be proactive in identifying governance gaps. Shackelford and his coauthors recommend mock breach drills, monitoring of threat intelligence, and aligning cyber-strategy with broader business priorities.