According to the FBI’s annual Internet Crime Report, released in March 2022, Ransomware was NOT the biggest form of cybercrime reported by businesses and consumers; Business Email Compromise was. In fact, according to the report, adjusted losses for Business Email Compromise were fifty times greater than adjusted losses for Ransomware during the same time period.
The FBI's Internet Crime Complaint Center (IC3) gives the American public an outlet to report cybercrimes to the FBI. The IC3 was established in 2000 and has received more than 6.5 million complaints to date. Complaints are investigated, analyzed, and shared with other intelligence agencies and law enforcement.
This year's report goes into greater detail regarding several of the most common and effective types of cybercrime. See below.
BUSINESS EMAIL COMPROMISE (BEC)
Business Email Compromise/Email Account Compromise (EAC) targets businesses and individuals when scamming victims into unauthorized funds transfers via social engineering or computer intrusion. Unfortunately, what used to be accomplished with a simple email address spoof has now evolved into elaborate schemes of impersonating CEOs and CFOs in virtual meeting environments. The Covid-19 pandemic has led to more of this type of attack due to the frequency of remote work.
CONFIDENCE FRAUD/ROMANCE SCAMS
Confidence Fraud and Romance Scams go after a victim's personal feelings. An intruder will make themselves known to a victim, do whatever is necessary to gain their trust, and eventually begin requesting monetary aid. The most recent scams involve criminals impersonating cryptocurrency investors and offering to make the victim lots of money in a short amount of time.
Cryptocurrency has become the preferred payment method for most online scams due to its anonymity. Crypto ATMs are used to purchase cryptocurrency and, due to their lax regulation and almost instantaneous transfer rates, have become targets of cybercriminals. Others impersonate crypto support hotline technicians for exchange companies to lure victims into giving up their wallet credentials.
Ransomware is alive and well, with phishing emails, RDP exploitation, and software vulnerabilities topping the list of infection vectors, all of which grew in popularity due to Covid-19. In June 2021, IC3 began tracking particular incidents where the victim was a member of a critical infrastructure sector. Sixteen sectors exist where a takedown would cause significant damage to national security, economy, and public health and safety. Of the sixteen, fourteen of them had at least one victim.
TECH SUPPORT FRAUD
Tech Support Fraud is when a criminal claims to be a support agent for a service to trick a victim into transferring funds or giving up access to their computer. In 2021, almost 60% of victims were reportedly over 60 years old, and they experienced at least 68% of the losses. Scammers will impersonate well-known tech companies and offer to fix issues that don't exist or sell malicious software disguised as legitimate. In 2021, IC3 saw an increase in complaints reporting impersonators acting as customer service for other companies, such as financial institutions and utility companies.
LARGEST MONETARY LOSSES OF 2021
VICTIM COUNT 2021
IC3 remains the central point for reporting cybercrime. Its website gives both the ability to submit complaints directly to the FBI and to read about the latest cybersecurity news.
The numbers tell the real tale: $6.9 billion in victim losses; over 2,300 complaints daily on average; over 552,000 complaints on average over the last 5 years; over 6.5 million complaints received since IC3’s inception. The yearly report shows where the criminals focus, and which groups of people or businesses are targeted most and need the most protection. Sharing information amongst law enforcement, government entities, and the public is the most effective means of preventing cybercrime.