Courtesy of Digital Guardian by Fortra. The FBI's annual look at phishing, scam, and personal data breach statistics is out. Like clockwork, the Federal Bureau of Investigation's annual Internet Crime Complaint Center (IC3) report (.PDF) is out, and with it, numbers that show a marked uptick in cybercrime over the past 365 days. Skimming through the report's 33 pages, it's hard not to notice the levels of fraud and the amount of dollars lost to scams up, almost across the board. Cybercrime complaints in particular and the losses incurred by fraud to Americans are continuing to pile up. This past year, there were 847,376 complaints, up from 791,790 in 2020; numbers that correlate to a 7% increase. The amount lost from the complaints, which largely stems from scams like extortion, identity theft, and data breaches, went up too, from $4.2 billion to $6.9 billion last year. Business email compromise (BEC) scams - attacks in which company email is hacked and executives are impersonated – continue to be the elephant in the room. BEC scams accounted for a whopping $2.3 billion of the aforementioned $6.9 billion figure, up from $1.8 billion the year before. While these attacks have traditionally relied on research - attackers looking up names of executives, travel plans, and gathering bread crumbs, then using spoofed email accounts to trick them into wiring money to the attacker - they've since evolved.
Nowadays, according to the FBI, attackers are compromising emails and tricking employees into joining fake virtual meeting platforms. Once an employee joins, attackers, pretending to be a CEO or CFO, claim their audio/visual isn't working and then convince unsuspecting victims to send money via wire transfers or in the form of cryptocurrency. While it may sound far-fetched, the scams work. The same goes for investment scams and romance scams, many which rely on tricking victims into purchase cryptocurrency, funds that are quickly lost as soon as the scammers gain the victim's trust and in turn, their login information. Collectively, the two types of scams cost Americans $2.4 billion last year. Not to be overlooked, it's worth highlighting just how successful tech support scams, thought of as archaic by many in the industry, have been over the past year. Losses connected to tech support scams in 2021 jumped in a big way and saw a 137% increase from the year prior. Unsurprisingly, according to the FBI, almost 60 percent of those who reported being scammed were over 60 years old. That 60 percent group accounted for $238 million of the $347 million figure.
Numbers were up elsewhere too. Among the top five types of cybercrime, there were more complaints of identity theft, personal data breaches, and phishing attacks last year than in 2020 or for any other year over the past five years for that matter. Those looking for insightful numbers around ransomware attacks may want to look elsewhere. According to the report, the IC3 only received 3,729 complaints about ransomware, totaling around $49 million. The numbers are so low, they don't come close to cracking the FBI's list of top 10 crime types, either by victim count of the amount of money lost, for 2021. The report has long been viewed as skewed when it comes to ransomware numbers, mainly because victims don't report attacks but also because the figure doesn't account for additional costs, like loss of business, files, time, or incident response that businesses have to pay for following an attack.