Among all incidents reported to the Internet Crime Complaint Center in 2016, email compromise scams targeting businesses and individuals were responsible for the greatest financial loss totals, according the IC3’s newly released annual report.
Overseen by the FBI, the IC3 reported in its 2016 Internet Crime Report that it received 298,728 overall complaints last year, adding up to over $1.3 billion in losses. Business Email Compromise (BEC) and individual email account compromise (EAC) scams represented well over a quarter of these losses, costing victims around $360.5 million.
BEC scams involve cybercriminals using social engineering, spoofing and intrusion techniques to compromise corporate email accounts in order to facilitate a fraudulent transfer of funds. In a glaring illustration of just how financially devastating BEC and EACs scams can be, this category of crime generated the highest loss totals, despite only being the 16th most frequently reported crime, with only 12,005 incidents. “In 2016, the scam evolved to include the compromise of legitimate business email accounts and requests for Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees,” the report noted.
The three crimes that were most commonly reported to the task force last year were non-payment and non-delivery incidents (81,029 cases), personal data breaches (27,573), and 419/overpayment scams (25,716).
Non-payment occurs when goods or services are shipped, but never paid for, and non-delivery scams are when items are paid for, but never received. 419 scams, also known as Nigerian prince scams, involve tricking victims into sending personal or banking information to aid in a fraudulent monetary transfer. And overpayment scams are when someone receives a large payment from a fraudster and is asked to keep a portion, while returning the reminder (or sending the rest to a third person), only for the original payment to bounce.
After BEC/EAC scams, reported crimes that were responsible for the next highest loss totals were confidence fraud and romance scams ($219.8 million) and non-payment/non-delivery crimes ($138.2 million).
Citing statistics provided by the U.S. Attorney’s Office of the Western District of Washington, the IC3 noted that only an estimated 15 percent of U.S. victims of fraud report crimes to law enforcement, meaning that many more millions of dollars in Internet crimes likely went unreported to the IC3 in 2016.
In the report’s introduction, Scott Smith, assistant director of the FBI’s Cyber Division, wrote that the FBI “continues to expand Operation Wellspring (OWS), an initiative through which state and local law enforcement officers are embedded in, and trained by, FBI cyber task forces and serve as the primary case agents on Internet-facilitated criminal investigations.” Smith noted that OWS task forces opened 37 investigations in 2016.
Despite making waves in 2016, ransomware registered relatively low on IC3’s list of threats, receiving 2,673 complaints (ranked 22nd) with losses of over $2.4 million ranked 25th).