The FBI’s Internet Crime Complaint Center (IC3) last year fielded 467,361 complaints related to cybercrime activity that collectively cost victims $3.5 billion in losses, according the agency’s just released 2019 Internet Crime Report.
The 2019 complaint count represents a nearly 33 percent increase from the 2018 total of 351,937, and the $3.5 billion figure also jumped from $2.7 billion the previous year.
The three most commonly reported internet crimes last year were phishing/vishing/smishing/pharming attacks, non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise) and extortion. Rounding out the top 10 were personal data breaches, spoofing, Business Email Compromise (BEC)/Email Account Compromise (EAC), confidence fraud, romance scams, identity theft, harassment/threats of violence and overpayment schemes.
Despite being only the six most commonly reported cybercrime in 2019, BEC/EAC campaigns constituted the offense with the highest reported loss totals, with nearly $1.78 billion in damages. In particular, the IC3 took note of an increase in the number of BEC/EAC complaints related to attempts by the perpetrators to divert of payroll funds. “In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period. The new direct deposit information generally routes to [an attacker’s] pre-paid card account,” the report states.
The nine next most financially costly reported crimes were characterized as confidence fraud/romance, spoofing, investment schemes, real estate/rental scams, non-payment/non-delivery, identity theft, government impersonation, personal data breach and credit card fraud.
In its report, the IC3 also provided an update on its Recovery and Investigative Development (RaID) Team, which was formed in 2019 to partner with financial and law enforcement investigators in a joint effort to crack down on money mule organizations.
RaID is composed of two divisions: a Recovery Asset Team (RAT) that was originally established in 2018 as a standalone team focused on recouping victims’ lost funds, and a Money Mule Team (MMT), which performs analysis and research on previously unknown targets for the purpose of developing new investigations.
Last year the RAT helped recover more than $300 million lost via online scams, which was good for a 79 percent return rate, the FBI reported.
“RaID enhances investigations by monitoring new activity and notifying law enforcement of time-sensitive situations. The team often plays a significant role in uncovering additional victims and criminals involved in fraudulent activity,” the report states. “RaID has partnered with FBI Field Offices to develop an investigative matrix to triage complaint information provided by IC3 victims. The matrix allows analysts and agents to quickly identify potential targets from the hundreds of IC3 complaints received on a daily basis, and to gain a more complete view of the cyber-enabled fraud threat landscape.”
Outside of the U.S., the U.K. by far was the country that was most frequently targeted by cybercrimes that were ultimately reported to the FBI. Canada, India, Australia and France were the next most commonly mentioned victims countries in complaints processed by IC3.