The Nashville Division of the Federal Bureau of Investigation is raising awareness about criminal and cybercriminal activity targeting the music industry and sharing information and threat intelligence with Tennesseans to combat cybercrime.
“A review of complaints submitted to the FBI’s Internet Crime Complaint Center (IC3), along with our pending investigations, has identified clear trends in the tactics criminals are using to target employees in the music industry and fans alike,” said Terence G. Reilly, special agent in charge of the FBI Nashville Division. “We urge everyone to pause before taking action and to be wary of high-pressure tactics used by scammers.”
Trends and tactics used
Romance scams where criminals purported to be performing artists targeted individuals primarily over the age of 60.
- Cybercriminals gained unauthorized access to computers and social media accounts of music industry professionals and utilized extortion techniques.
- Alleged fraud scheme used songs created by artificial intelligence (AI), together with automated music streaming bots, to unlawfully exploit music streaming platform royalty payment mechanisms.
- Alleged criminal infringement of copyright scheme perpetrated by former sound engineer who, while employed, without authorization, copied unreleased music and later sold them via the internet for financial gain.
Cybercriminals have targeted various music industry employees and fans alike to steal funds and intellectual property. Threats observed across the United States affecting music industry professionals and fans included multiple types of scams as well as data breaches and extortion. Between early January 2024 and late September 2025:
- IC3 complaints related to the music industry included those submitted by singers, songwriters, managers, producers, music label owners, music journalists, fans, and a security director. The most-reported crimes included romance, non-delivery, advanced fee, and overpayment scams, data breaches, and extortion.
- 527 IC3 complaints related to romance scams totaled a loss of $12,281,229. Individuals over age 60 accounted for almost 60 percent of reports, wherein the complainants believed they were speaking to and in relationships with real musicians.
- Musicians, record label owners, music producers, and managers submitted 107 IC3 complaints related to non-delivery, advanced fee, and overpayment scams, totaling a loss of $777,063. Subjects in these complaints contacted complainants for professional opportunities, including music journal articles, record label contracts, collaborations, and promotion of their music, or complainants reported a lack of royalty payments.
- Fans, musicians, music producers, and a record label owner reported in 64 IC3 complaints, including those for romance scams and personal data breaches, that subjects extorted or attempted to extort them for unreleased music or money by using threats of violence or complainants’ personal information or explicit photographs.
- Fans submitted 61 IC3 complaints related to non-delivery scams wherein they paid for but did not receive concert or music festival tickets, meet-and-greets, and merchandise, totaling a loss of $325,574.
- Music industry professionals submitted 55 IC3 complaints reporting data breaches wherein subjects obtained unreleased music on complainants’ devices or obtained access to social media accounts used for promotion of the complainants’ music.
Tips to protect yourself
Protect your systems and data
- Keep systems and software up to date and install a strong, reputable anti-virus program.
- Create a strong and unique passphrase for each online account you hold. Using the same passphrase across several accounts makes you more vulnerable if one account is breached.
- Use multi-factor authentication (MFA), preferably using phishing-resistant authenticators, for as many services as possible and particularly for accounts that access webmail, virtual private networks (VPNs), and accounts that manage backups.
- As much as possible, ensure social media profiles are private, and do not communicate with individuals you do not know or have not spoken with in some time before verifying the profile belongs to the actual person being represented.
- Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
Protect your connections
- Be careful when connecting to a public Wi-Fi network and do not conduct any sensitive transactions, including purchases, when on a public network. If you must use unsecure Wi-Fi, use a VPN service that starts upon initial connection.
- Examine the email address in all correspondence and scrutinize website URLs. Scammers often mimic a legitimate site or email address by using a slight variation in spelling. Or an email may look like it came from a legitimate company, but the actual email address is suspicious.
- Do not click the link in an unsolicited text message or email that asks you to update, check, or verify your account information. If you are concerned about the status of your account, go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
- Carefully scrutinize all electronic requests for a payment or transfer of funds.
- Be extra suspicious of any message that urges immediate action.
- Make online purchases with a credit card for an extra layer of protection against fraud.
- Do not send money to any person you meet online or allow a person you don’t know well to access your bank account to transfer money in or out.
Protect your money and information
- Examine the email address in all correspondence and scrutinize website URLs. Scammers often mimic a legitimate site or email address by using a slight variation in spelling. Or an email may look like it came from a legitimate company, but the actual email address is suspicious.
- Do not click the link in an unsolicited text message or email that asks you to update, check, or verify your account information. If you are concerned about the status of your account, go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
- Carefully scrutinize all electronic requests for a payment or transfer of funds.
- Be extra suspicious of any message that urges immediate action.
- Make online purchases with a credit card for an extra layer of protection against fraud.
- Do not send money to any person you meet online or allow a person you don’t know well to access your bank account to transfer money in or out.
Report it
The FBI requests victims immediately report fraudulent or suspicious activity to the FBI IC3 at www.ic3.gov. Be sure to include as much information as possible:
- Identifying information about the person or company that contacted you.
- Methods of communication used, including websites, emails, and telephone numbers.
- Financial transaction information, such as the date, type of payment, amount, account numbers involved, the name and address of the receiving financial institution, and receiving cryptocurrency addresses.
- Description of your interaction with the individual, including how contact was initiated, such as the type of communication, purpose of the request for money, how you were told or instructed to make payment, what information you provided to the scammer, and any other details pertinent to your complaint.
Victims aged 60 or over who need assistance filing an IC3 complaint can contact the DOJ Elder Justice Hotline, 1-833-FRAUD-11 (or 833-372-8311).
Subscribe to our Newsletter!
