Online crime continues to reach new heights, according to the latest edition of the FBI’s annual Internet Crime Report.
Last year the agency’s Internet Crime Complaints Center (IC3) received 467,361 complaints — about 1,300 a day — with reported losses exceeding US$3.5 billion, the highest number of complaints and the highest dollar losses reported since the centre was established in May 2000.
One bright spot: The IC3’s Recovery Asset Team (RAT), which assists in recovering funds for victims of business email compromise schemes, helped recover over US$300 million lost through on-line scams. That’s a 79 per cent return rate of reported losses.
One of the most recent cases involving a gang that specialized in thefts related to swapping SIM cards in smartphones. led to an arrest of the alleged leader and the seizures of over US$18 million, five vehicles, a $900,000 home, and hundreds of thousands of dollars in jewelry. Overall the scheme compromised hundreds of cryptocurrency accounts and caused approximately US$40 million in losses.
Last year the FBI noted an increase in the number of complaints related to the diversion of payroll funds with a criminal emailing a company’s human resources or payroll department to change an employee’s direct deposit information. Usually, the money goes to a pre-paid card account.
The FBI urges organizations to never make any payment changes without verifying with the intended recipient. Meanwhile, individuals should verify email addresses are accurate when checking mail on a cell phone or other mobile device.
Still, the amount of online crime grows. Report highlights include:
- In 2019, the IC3 received 23,775 complaints with adjusted losses of over US$1.7 billion related to business email compromise (BEC) and email account compromise, which involve the takeover of email accounts to get victims to transfer money to bank accounts controlled by scammers.
- Tech support fraud continues to be a growing problem, says the report. In 2019, the IC3 received 13,633 complaints related to Tech Support Fraud from victims in 48 countries. The losses amounted to over US$54 million, which represents a 40 per cent increase in losses from 2018. The majority of victims reported being over 60 years of age.
- In 2019 the IC3 received 2,047 complaints identified as ransomware with adjusted losses of over US$8.9 million. The agency advises ransoms not be paid because that doesn’t guarantee an organization will regain access to its data. “Paying a ransom emboldens the adversary to target other organizations for profit, and provides a lucrative environment for other criminals,” the report says.
Still, the agency understands that if a business can’t function executives will evaluate all options to protect their shareholders, employees, and customers.
Excluding the United States, the largest number of complaints filed with the FBI came from the U.K. with over 93,000. Canada was second with over 3,700.
In terms of reported online crime, phishing/smishing/vishing/pharming related incidents accounted for the largest number, followed by non-payment/non-delivery of goods, extortion, personal data breach, spoofing, BEC, confidence/romance fraud and identity theft.
In terms of dollar losses, BEC led the list ($1.7 billion), followed by confidence/romance scams, spoofing, investment scams, and real estate/rental scams ($221 million).
Annual numbers like these in Canada will be hard to come by until the RCMP’s new National Cyber Crime Reporting Unit (NC3) is fully running in 2023.
In a statement, Donna Gregory, the chief of the FBI’s IC3, said that in 2019 the centre didn’t see an uptick in new types of fraud but rather saw criminals deploying new tactics and techniques to carry out existing scams.
“Criminals are getting so sophisticated,” Gregory said. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
While email is still a common entry point, frauds are also beginning on text messages—a crime called smishing — or even fake websites, a tactic called pharming.