Brand impersonation and imposter-scam statistics (2026)

Brand impersonation is one of the most pervasive forms of fraud reaching American consumers and small businesses. Fraudsters register lookalike domains, copy legitimate websites with near-pixel accuracy, and route victims through fake customer-service portals and spoofed communications. The scale of the resulting harm appears in data published by the Federal Trade Commission and the FBI's Internet Crime Complaint Center. The figures below represent the best currently available federal benchmarks.

Quick-reference statistics table

The FTC data: imposter scams lead all fraud categories

2025 figures (reported June 2026)

The Federal Trade Commission's June 2026 press release on 2025 Consumer Sentinel data reports that U.S. consumers lost $3.5 billion to imposter scams in 2025 — making imposter scams the most-reported fraud category for that year. The imposter category is broad by design: it captures fake government agencies, copycat business websites, lookalike customer-service portals, fraudulent tech-support operations, and cloned social-media profiles, all grouped under the shared mechanism of assuming a trusted identity.

2024 figures (reported March 2025)

The FTC's March 2025 report on 2024 Consumer Sentinel data documented $12.5 billion in total reported fraud losses across all categories in 2024 — a $2.5 billion increase over 2023. Imposter scams were the most commonly reported category in that dataset as well, accounting for approximately $2.95 billion of that total. A particularly notable sub-figure: government-impersonation fraud alone cost consumers $789 million in 2024, illustrating how effectively criminals exploit trust in institutional names such as the Social Security Administration, IRS, or Medicare.

Taken together, the 2024 and 2025 FTC reports show imposter scams holding the top position in both complaint volume and reported dollar losses across consecutive years, with the total rising substantially between reporting periods.

FBI IC3: 859,532 complaints, phishing at the top

The FBI's Internet Crime Complaint Center received 859,532 complaints in 2024, according to its 2024 Annual Report. Of the complaint types tracked by IC3, phishing and spoofing ranked first by volume — more complaints than any other category the Bureau monitors.

Phishing and spoofing are the technical delivery layer of most brand-impersonation campaigns. Phishing encompasses the deceptive emails and webpages that mimic trusted entities to harvest credentials or payments. Spoofing covers the forged caller IDs, sender addresses, and lookalike domain names that make those messages appear legitimate. In practice, a brand-impersonation operation often begins with a spoofed domain and a cloned website, then uses phishing communications to route victims to the fake destination — which is why IC3's phishing data and FTC's imposter-scam data together describe two faces of the same fraud pattern.

Why impersonation keeps growing

Several structural factors sustain the growth of impersonation fraud. Domain registration is fast, inexpensive, and accessible from anywhere in the world — a convincing lookalike domain can be registered and pointed to a cloned site within minutes. Free website builders and widely available page-source inspection tools mean copying the visual identity of a legitimate business requires no meaningful technical skill. Search engines and social platforms can surface clone sites to consumers who are actively searching for the brand being impersonated, sometimes ahead of the legitimate result.

Impersonation fraud also scales efficiently. A single fake website can process fraudulent transactions against thousands of victims simultaneously, making the return on a modest setup effort disproportionately high. That asymmetry — low cost to launch, high potential yield — is what keeps new impersonation infrastructure appearing faster than takedown actions can eliminate it. Understanding what a clone website is, and how to take one down, is the starting point for any response.

What it means for small businesses

Large enterprises typically have brand-protection legal teams, dedicated takedown vendor contracts, and security operations centers monitoring the web for fakes around the clock. Small and mid-sized businesses rarely have any of those resources — and they are frequently targeted for exactly that reason. A thin domain portfolio, a slow response window, and customers who may not be suspicious of a well-designed lookalike site all make smaller brands attractive targets.

A single clone website can generate payment chargebacks, erode hard-earned customer trust, and trigger law-enforcement referrals that the legitimate business must spend time responding to — all before the business owner learns the fake site exists. The FTC and FBI figures above measure harm that has already occurred. Continuous brand-protection monitoring is designed to catch clone infrastructure while it is being assembled, before it accumulates victims.

Businesses that want to understand their exposure can use the Omega Guard public verification tool to check whether a domain is enrolled and fingerprinted, or to report a suspected clone.