Ransomware is NOT the #1 Type of Cybercrime Reported. This is….

Updated 05/16/2022

Cybersecurity | News

Ransomware is NOT the #1 Type of Cybercrime Reported. This is….

According to the FBI’s annual Internet Crime Report, released in March 2022, Ransomware was NOT the biggest form of cybercrime reported by businesses and consumers; Business Email Compromise was. In fact, according to the report, adjusted losses for Business Email Compromise were fifty times greater than adjusted losses for Ransomware during the same time period.

The FBI's Internet Crime Complaint Center (IC3) gives the American public an outlet to report cybercrimes to the FBI. The IC3 was established in 2000 and has received more than 6.5 million complaints to date. Complaints are investigated, analyzed, and shared with other intelligence agencies and law enforcement.

This year's report goes into greater detail regarding several of the most common and effective types of cybercrime. See below.


2021 Stats:

  • 19,954 complaints received
  • Adjusted losses at nearly $2.4 billion

Business Email Compromise/Email Account Compromise (EAC) targets businesses and individuals when scamming victims into unauthorized funds transfers via social engineering or computer intrusion. Unfortunately, what used to be accomplished with a simple email address spoof has now evolved into elaborate schemes of impersonating CEOs and CFOs in virtual meeting environments. The Covid-19 pandemic has led to more of this type of attack due to the frequency of remote work.


2021 Stats:

  • 24,299 complaints received
  • More than $956 million in losses

Confidence Fraud and Romance Scams go after a victim's personal feelings. An intruder will make themselves known to a victim, do whatever is necessary to gain their trust, and eventually begin requesting monetary aid. The most recent scams involve criminals impersonating cryptocurrency investors and offering to make the victim lots of money in a short amount of time.


2021 Stats:

  • 34,202 complaints were received involving the use of cryptocurrency
  • More than $1.6 billion reported losses, up seven times from 2020

Cryptocurrency has become the preferred payment method for most online scams due to its anonymity. Crypto ATMs are used to purchase cryptocurrency and, due to their lax regulation and almost instantaneous transfer rates, have become targets of cybercriminals. Others impersonate crypto support hotline technicians for exchange companies to lure victims into giving up their wallet credentials.


2021 Stats:

  • 3,729 complaints
  • Adjusted losses of more than $49.2 million

Ransomware is alive and well, with phishing emails, RDP exploitation, and software vulnerabilities topping the list of infection vectors, all of which grew in popularity due to Covid-19. In June 2021, IC3 began tracking particular incidents where the victim was a member of a critical infrastructure sector. Sixteen sectors exist where a takedown would cause significant damage to national security, economy, and public health and safety. Of the sixteen, fourteen of them had at least one victim.


2021 Stats:

  • 23,903 complaints across 70 countries
  • More than $347 million in losses

Tech Support Fraud is when a criminal claims to be a support agent for a service to trick a victim into transferring funds or giving up access to their computer. In 2021, almost 60% of victims were reportedly over 60 years old, and they experienced at least 68% of the losses. Scammers will impersonate well-known tech companies and offer to fix issues that don't exist or sell malicious software disguised as legitimate. In 2021, IC3 saw an increase in complaints reporting impersonators acting as customer service for other companies, such as financial institutions and utility companies.


  1. BEC/EAC - $2,395,953,296
  2. Investment - $1,455,943,193
  3. Confidence/Romance Fraud - $956,039,740


  1. Phishing/Vishing/Smishing/Pharming - 323,972
  2. Non-Payment/Non-Delivery - 82,478
  3. Personal Data Breach - 51,829

IC3 remains the central point for reporting cybercrime. Its website gives both the ability to submit complaints directly to the FBI and to read about the latest cybersecurity news.

The numbers tell the real tale: $6.9 billion in victim losses; over 2,300 complaints daily on average; over 552,000 complaints on average over the last 5 years; over 6.5 million complaints received since IC3’s inception. The yearly report shows where the criminals focus, and which groups of people or businesses are targeted most and need the most protection. Sharing information amongst law enforcement, government entities, and the public is the most effective means of preventing cybercrime.

References: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf