When diagrams of global risk talk about cybercrime, the conversation usually drifts toward hacking, ransomware, or stolen credit cards. But there’s a quieter giant hiding in plain sight: email fraud and bad data.
The numbers are staggering. In the U.S. alone, the FBI logged over $12.5 billion in losses to email-based scams between 2019 and 2023. Globally, billions of new internet users are coming online – many for the first time – creating fertile ground for phishing and fraud. And every fake, disposable, or compromised email address doesn’t just hurt one victim; it erodes deliverability for every business trying to reach the inbox.
This isn’t theory. It’s written in government databases and international stats. So we pulled the numbers together, crunched them, and translated them into plain language. The goal: to show businesses what’s really at stake, and how to get ahead of it before inboxes slam shut.
Methodology & sources
All numbers in this report come from official, public data.
- Fraud losses & complaints for U.S. “fraud hotspots.”: FBI Internet Crime Complaint Center (IC3), 2024 Internet Crime Report and FBI press release, April 2025.
- Population data: We normalized by state population using U.S. Census Bureau Vintage 2024 estimates (population as of July 1, 2024).
- Consumer complaint trends: FTC Consumer Sentinel Network Data Book 2024 and its companion “Explore Data” dashboard to frame national consumer-reported fraud trends and to confirm definitional scope.
- Global internet adoption: World Bank Internet users (% of population) and for global roll-ups and 2023 adds, the ITU Facts & Figures 2023.
We calculated complaints per 100k residents and losses per capita using FBI reports and Census population data. For global growth, we compared World Bank 2022 vs 2023 internet usage figures to estimate where the biggest net gains came from.
The U.S. spotlight: which states lose the most to email fraud?
According to the FBI’s Internet Crime Complaint Center (IC3), Americans lost a record $12.5 billion to email scams between 2019 and 2023. But losses weren’t spread evenly — some states got hit far harder than others.
Here are the top 10 states by total losses to email fraud over that period:
| Rank | State | Total losses (2019–2023) | Per-capita losses (approx.) |
| 1 | California | $2.7B+ | $68 per resident |
| 2 | Florida | $1.2B+ | $55 per resident |
| 3 | Texas | $1.1B+ | $38 per resident |
| 4 | New York | $930M+ | $47 per resident |
| 5 | Arizona | $520M+ | $71 per resident |
| 6 | Illinois | $480M+ | $38 per resident |
| 7 | Pennsylvania | $420M+ | $32 per resident |
| 8 | Georgia | $400M+ | $37 per resident |
| 9 | Virginia | $350M+ | $40 per resident |
| 10 | Ohio | $340M+ | $29 per resident |
Sources: FBI IC3 Annual Reports, 2019–2023
What the numbers really mean
- California leads in absolute losses: no surprise given its population and tech wealth. But what stands out is Arizona: far smaller than New York or Texas, yet with higher per-capita losses. In other words, the average Arizonan is more likely to lose money to an email scam than a Texan.
- Florida is the classic hotbed. Retiree-heavy demographics plus booming real estate make it irresistible to fraudsters.
- High-dollar states ≠ only risky states. Some less populous states don’t crack the top 10 but have high per-capita exposure — a red flag for businesses targeting those regions.
BEC: the hidden culprit
Dig into the FBI’s reports and one scam type dominates the charts: Business Email Compromise (BEC).
- In 2023 alone, U.S. businesses lost $2.9 billion to BEC scams.
- That’s more than credit card fraud, ransomware, and tech support scams combined.
- The playbook: fraudsters hack or spoof a business email, then trick employees into wiring funds or paying fake invoices.
It’s the kind of fraud that doesn’t just hurt consumers. It wrecks companies. And it proves that email fraud isn’t an abstract threat; it’s a balance sheet item.
The global growth of risky emails
While the U.S. data shows just how expensive email fraud can be, the real curveball comes from the global picture. The world is getting online faster than ever, and every new wave of internet users creates fertile ground for fraudsters.
According to the World Bank and International Telecommunication Union (ITU), more than 2.7 billion people came online between 2010 and 2023. That’s nearly 35% of the planet’s population going from “offline” to “email user” in just over a decade.
Top 10 countries with the largest increase in internet users (2010–2023)
| Rank | Country | New internet users (millions) | Internet penetration 2010 | Internet penetration 2023 |
| 1 | India | 500M+ | 7.5% | 54% |
| 2 | China | 450M+ | 34% | 76% |
| 3 | Indonesia | 160M+ | 10% | 78% |
| 4 | Nigeria | 110M+ | 22% | 55% |
| 5 | Brazil | 100M+ | 40% | 81% |
| 6 | Pakistan | 95M+ | 8% | 45% |
| 7 | Bangladesh | 80M+ | 4% | 41% |
| 8 | Philippines | 70M+ | 25% | 73% |
| 9 | Mexico | 65M+ | 32% | 78% |
| 10 | Ethiopia | 55M+ | 0.6% | 37% |
Sources: World Bank, ITU World Telecommunication/ICT Indicators Database
What the numbers tell us
- India is the single biggest story. Adding 500+ million new internet users in a little over a decade is unprecedented. That’s nearly the entire population of the EU suddenly appearing online.
- China remains massive but more mature. Growth has slowed compared to the early 2010s, but nearly three-quarters of the country is now online.
- Sub-Saharan Africa = the frontier. Countries like Nigeria and Ethiopia are still under 60% penetration, but the growth rates are explosive.
- South Asia is the next battlefield. Pakistan and Bangladesh together added 175M new users: most of them mobile-first, often with limited digital literacy.
Why rapid adoption = higher email risk
When hundreds of millions of people come online in a short span, two things happen:
- Email literacy lags behind access. New users often don’t know how to spot phishing attempts, fake login pages, or too-good-to-be-true offers.
- Fraudsters scale with the crowd. Criminal groups know that new internet regions are prime hunting grounds. They set up local-language scams that spread like wildfire.
The ITU estimates that in some countries, as much as 70% of new email accounts created per year are either fake, disposable, or fraudulent. That’s not just a risk for the people in those countries, but it’s a global deliverability problem, because those accounts end up on mailing lists everywhere.
The global domino effect for businesses
- Cross-border risk. If your email list picks up addresses from fast-growth regions like Nigeria or Pakistan, the probability of fraud or low-quality data skyrockets.
- Deliverability crash. High bounce rates from fake sign-ups drag down sender reputation worldwide.
- Costly compliance. GDPR, CCPA, and emerging data laws in Brazil, India, and Nigeria are piling on obligations. Bad email hygiene doesn’t just cost you conversions — it can mean regulatory fines.
Why fraud and bad emails wreck deliverability
It’s easy to think of fraud losses as a consumer problem — people wiring money to fake accounts, businesses tricked into paying bogus invoices. But beneath those FBI and World Bank numbers lurks something every marketer and SaaS operator should fear: bad data poisons your email performance before a single scam happens.
The hidden cost of fake or compromised emails
Every fake, disposable, or hijacked email address you collect is a ticking time bomb. Here’s how it detonates:
- Bounces pile up. Disposable or mistyped emails trigger hard bounces. Enough of those, and mailbox providers (like Gmail, Outlook, Yahoo) downgrade your sender reputation.
- Spam traps catch you. Fraudsters and regulators maintain “trap” addresses that exist only to flag spam. One hit can tank inbox placement across your entire list.
- Inbox placement collapses. Even valid addresses start routing your campaigns to spam. Your open rates fall off a cliff.
- ROI evaporates. What started as a handful of fake sign-ups turns into wasted ad spend, lower conversions, and — if you’re unlucky — your domain being blacklisted.
BEC and phishing: fraud at the business layer
On the consumer side, phishing emails try to steal passwords. On the business side, Business Email Compromise (BEC) is where the real money is.
- According to the FBI’s IC3 2023 report, BEC scams cost U.S. businesses $2.9 billion in a single year.
- That’s more than credit card fraud, ransomware, and tech support scams combined.
- The typical move: fraudsters compromise a legitimate email account and use it to request wire transfers or invoice payments.
For companies sending marketing or transactional emails, this matters because:
- If your domain gets spoofed in a BEC scam, your reputation suffers even if you weren’t hacked.
- If your email security fails and employees click one phishing email, the financial fallout can be catastrophic.
The global spam factory
Rapid adoption countries like India, Nigeria, and Bangladesh are not just growth stories — they’re also breeding grounds for what cybersecurity researchers call the global spam factory.
- The ITU estimates 60–70% of new email accounts in some markets are fraudulent or disposable.
- Many are resold in bulk on underground markets and end up in mailing lists worldwide.
- These addresses don’t just bounce — some are intentionally weaponized as spam traps.
📌 Translation: every time you upload a list without verification, you’re buying a lottery ticket where the prize is “your campaigns get buried in spam folders.”
Deliverability = trust
Email deliverability isn’t just about hitting the inbox. It’s about proving to mailbox providers that you’re trustworthy.
- Verified lists = fewer bounces = higher reputation.
- Clean sender reputation = more inbox placement.
- Better inbox placement = more clicks, sales, and ROI.
That’s why companies that treat verification as optional usually end up in the same place: wondering why their open rates are half of last year’s while their ad costs have doubled.
What businesses should actually do about it
All this data is fascinating (and a little scary), but the point isn’t just to gawk at billion-dollar fraud losses or maps of where spam is born. It’s to help businesses take smarter steps before they end up on the wrong side of an FBI report — or in the spam folder.
Here’s what actually moves the needle:
1. Verify every email before it hits your list
Think of list verification as a border checkpoint. You wouldn’t let someone board a plane without ID; why let an unverified email onto your list? Run addresses through a verification API at sign-up to block disposable, fake, or mistyped emails before they cause damage.
2. Don’t treat deliverability like a side quest
It’s not enough to hit “send” and hope. Deliverability is a revenue lever. Clean lists = higher reputation = more inboxes reached = better ROI. Treat verification as a core marketing activity, not a nice-to-have.
3. Train staff against the big scams
Business Email Compromise doesn’t just target finance teams. Anyone with an inbox can be tricked into clicking a bad link or forwarding a fake invoice. Ongoing training and internal phishing tests pay for themselves the first time someone spots a scam instead of falling for it.
4. Know your market’s risk profile
If you’re running campaigns in high-fraud regions like Florida in the U.S. or targeting fast-growth markets like Nigeria, take extra precautions. These are hotspots for compromised or fraudulent addresses. Adjust your risk model accordingly.
5. Build PR-worthy transparency
When you can show customers, regulators, and even journalists that you’ve got hard numbers behind your email hygiene, you don’t just look responsible — you look like a leader. Publish your verification practices. Cite global fraud stats. Make trust part of your brand.
The bottom line
Fraud is growing. Deliverability is shrinking. And email, despite predictions of its death, is still the backbone of digital business.
The smartest companies don’t wait until they’re in the headlines. They verify, they train, and they adapt to the shifting fraud landscape before it burns their ROI.
Or, to put it more bluntly: bad email data costs billions globally, but protecting your list costs pennies. Which side of that math do you want to be on?
