“A victim can be anyone who uses a connected device.”
That was a line from Donna Gregory, chief of the FBI’s Internet Crime Complaint Center (IC3) in a report the agency just released on statistics gathered or 2018 that show Internet-enabled theft, fraud, and exploitation remain pervasive and were responsible for $2.7 billion in financial losses in last year.
The FBI said IC3 received 351,936 complaints last year — an average of more than 900 every day.
The most frequently reported complaints were for non-payment/non-delivery scams, extortion, and personal data breaches, according to the Internet Crime Report. The most financially costly complaints involved business email compromise, romance or confidence fraud, and investment scams, which can include Ponzi and pyramid schemes.
Reports came in from every U.S. state and territory and involved victims of every age. There was a concentration of victims and financial losses, however, among individuals over the age of 50.
“The 2018 report shows how prevalent these crimes are,” Gregory said. “It also shows that the financial toll is substantial and a victim can be anyone who uses a connected device. Awareness is one powerful tool in efforts to combat and prevent these crimes. Reporting is another. The more information that comes into the IC3, the better law enforcement is able to respond.”
Report Speaks Volumes
“This report aligns with the sheer amount of records exposed since 2013: over 14 billion, according to the Breach Level Index,” said Lisa Baergen, vice president of marketing for NuData Security, a Mastercard company. “This is driving the market to implement more secure online authentication methods. With traditional methods of identification now unreliable due to all the data breaches (anyone can get their hands into a password for a few cents), it all comes down to identifying customers by their behavior; moving away from passwords, security questions, and credentials that are being stolen and reused for profit. Companies are now racing to implement new online authentication architectures that include behavioral analytics and passive biometrics combined with physical biometrics. These new technologies accurately identify legitimate customers while locking out cybercriminals. With multi-layered authentication solutions that can’t be replicated by a third-party, companies are thwarting fraud attempts and protecting customers.”
“The FBI’s report confirms that investing in employee education through simulated phishing attacks and the associated phishing prevention training is a ‘powerful’ defense against cybercrime. Awareness is one powerful tool in efforts to combat and prevent these crimes,” said Colin Bastable, chief executive of security provider, Lucy Security.
“Industry estimates are that at least 20 percent of any group of people have a high propensity to fall for various phishing and social engineering attacks, and that we are all vulnerable to these attacks on occasion. Business email compromise (BEC) attacks, in particular, successfully target very smart, highly motivated and educated people. Hackers exploit authority figures such as CEOs and CFOs when they launch BEC attacks.”
The bright spots reported by the IC3 include starting in February last year the Recovery Asset Team and its success in recovering funds lost in business email compromise scams. These sophisticated scams involve perpetrators infiltrating businesses’ email accounts and requesting fraudulent wire transfers or gift card purchases.
Recovery Asset Team
The Recovery Asset Team has helped streamline communication with financial institutions and assist FBI field offices in the recovery of funds for businesses that report a fraudulent domestic transfer. The team was able to successfully recover more than $192 million in funds — a recovery rate of 75 percent.
One recovery success came in Colorado, where a victim wired $56,179.27 for a home purchase to a thief after receiving a spoofed email request from the lending agent. The Recovery Asset Team worked with the Denver Field Office and the victim’s bank to freeze the funds transfer and return $54,000 of the stolen money.
The large number of complaints captured by the IC3 in 2018 also helped improve the data available to all law enforcement entities as they search for connections among cases and look for trends and patterns in crimes and victims. In addition, the IC3’s Operation Wellspring Initiative helps build the cyber investigative capability and capacity of state and local law enforcement by linking them to the FBI’s field offices for support on identifying and responding to malicious cyber activity.
In 2018, the IC3 also worked with the FBI’s Victim Services Division to add staff to help better serve the victims of cyber-enabled crime. The victim specialist-Internet crimes position helps provide crisis intervention services, assess victim needs, and refer victims to additional resources.