The FBI’s Internet Crime Complaint Center (IC3) has released its year-end 2019 Internet Crime Report, which includes information from 467,361 complaints of suspected Internet crime, with reported losses in excess of $3.5 billion.
Among the most common crime types reported by victims in 2019 were Business Email Compromise (BEC), Tech Support Fraud, and extortion via ransomware.
Business Email Compromise
In 2019, the IC3 received 23,775 Business Email Compromise complaints with adjusted losses * of over $1.7 billion. This sophisticated scam targets both businesses and individuals. The scam is frequently carried out when a criminal compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized fund transfers.
For example, the scam may spoof the email accounts of chief executive officers or chief financial officers to request fraudulent wire payments. The scam may also involve the diversion of payroll funds whereby a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period. The new direct deposit information routes to a pre-paid card account.
Tech Support Fraud
This scheme involves a criminal claiming to provide customer, security, or technical support or service in an effort to defraud unwitting individuals. Criminals may pose as support or service representatives offering to resolve such issues as a compromised email or bank account, a virus on a computer, or a software license renewal.
As this type of fraud has become more commonplace, criminals have started to pose as government agents, even offering to recover supposed losses related to tech support fraud schemes or to request financial assistance with “apprehending” criminals.
In 2019, the IC3 received 13,633 complaints related to Tech Support Fraud from victims in 48 countries. The losses amounted to over $54 million, which represents a 40% increase in losses from 2018. The majority of victims are over 60 years of age.
This malware targets both human and technical weaknesses in an effort to make critical data and/or systems inaccessible.
In one scenario, spear phishing emails are sent to end users that result in the rapid encryption of sensitive files on a corporate network. When the victim organization determines it is no longer able to access its data, the criminal demands the payment of a ransom, typically in a virtual currency like Bitcoin. The victim can regain access to its data once the ransom is paid.
The FBI advises not to pay the ransom because there is no guarantee that an organization will regain access to its data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom.
In 2019, the IC3 received 2,047complaints identified as ransomware with adjusted losses of over $8.9 million.
About the IC3
At the end of every year, the IC3 collates information collected into an annual report. IC3 has received approximately 340,000 complaints per year over the last five years, or more than 1,200 complaints per day.
FBI’s Internet Crime Complaint Center (IC3) provides a convenient way to report suspected Internet-facilitated criminal activity. If you or your business has been victimized by an Internet scam, a report can be filed online by visiting the website of the FBI’s Internet Crime Complaint Center at www.ic3.gov.
* Regarding adjusted losses, this number does not include estimates of lost business, time, wages, files, or equipment, or any third party remediation services acquired by a victim. In some cases victims do not report any loss amount to the FBI, thereby creating an artificially low overall loss rate, especially for ransomware. Finally, the number only represents what victims report to the IC3 and does not account for victim direct reporting to FBI field offices and agents.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.