There were 301,580 Internet-based crime complaints with reported losses in excess of $1.4 billion last year, according to a new report.
The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing, according to the FBI’s IC3 2017 Internet Crime Report.
In addition, during the year, the IC3 received its 4 millionth consumer Internet crime complaint on October 12, 2017, and has received a total of 4,063,933 since its inception in 2000.
The goal of the report is to increase public awareness about current Internet scams and fraud; reiterating the importance of the IC3 in understanding, mitigating, and combating cyber crime, and encouraging victims to report Internet crime through the IC3. By reporting Internet crime, victims are not only alerting law enforcement to the activity, but aiding in the overall fight against cyber crime, officials said.
Some of the key topics IC3 found for last year included:
Business Email Compromise: BEC is a sophisticated scam targeting businesses that often work with foreign suppliers and/or businesses and regularly perform wire transfer payments. The Email Account Compromise (EAC) variation of BEC targets individuals who regularly perform wire transfer payments. It should be noted while most BEC and EAC victims reported using wire transfers as their regular method of transferring business funds, some victims reported using checks. Fraudsters used the method most commonly associated with their victims’ normal business practices. Both scams typically involve one or more fraudsters, who compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Because the techniques used in the BEC and EAC scams have become increasingly similar, the IC3 began tracking these scams as a single crime type in 2017.
In 2017, the IC3 received 15,690 BEC/EAC complaints with adjusted losses of over $675 million.
Ransomware: Ransomware is a form of malware targeting both human and technical weaknesses in an effort to make critical data and/or systems inaccessible. Ransomware is delivered through various vectors, including Remote Desktop Protocol, which allows computers to connect to each other across a network, and phishing.
In one scenario, spear phishing emails are sent to end users resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, typically in virtual currency such as Bitcoin. The actor will purportedly provide an avenue to the victim to regain access to their data once the ransom is paid.
Recent iterations target specific organizations and their employees, making awareness and training a critical preventative measure.
In 2017, the IC3 received 1,783 complaints identified as ransomware with adjusted losses of over $2.3 million.
Tech Support Fraud: Tech Support Fraud is a widespread scam in which criminals claim to provide customer, security, or technical support in an effort to defraud unwitting individuals and gain access to the individuals’ devices. There are many variations of this scam, and criminals are constantly changing their tactics to continue the fraud. For example, in addition to telephone calls, pop-up and locked screens, search engine advertising, and URL hijacking/typosquatting, criminals now use phishing emails with malicious links or fraudulent account charges to lure their victims. Criminals also pose as a variety of different security, customer, or technical support representatives and offer to resolve any number of issues, including compromised email, bank accounts, computer viruses, or offer to assist with software license renewal. Some recent complaints involve criminals posing as technical support representatives for income tax assistance, GPS, printer, or cable companies, or support for virtual currency exchanges. In some variations, criminals pose as government agents, who offer to recover losses related to tech support fraud schemes or request financial assistance with “apprehending” criminals.
In 2017, the IC3 received 10,949 complaints related to tech support fraud. The claimed losses amounted to nearly $15 million, which represented a 90 percent increase in losses over 2016.
Click here for the full report.