The financial loss from cybercrime in the U.S. exceeded $1.3 billion in 2016, a rise of 24 percent, according to a new report issued by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).
The “2016 Internet Crime Report,” examined the most prevalent and most damaging forms of cybercrimes today – like business email compromise (BEC), ransomware, tech support fraud, and extortion. It based its findings on nearly 300,000 complaints filed with the IC3, which compiles data from public complaints in order to refer cases to the appropriate law enforcement agencies as well as to identify trends.
It noted that though the statistics show a significant rise, the actual tally is much higher as only an estimated 15 percent of the nation’s fraud victims report their crimes to law enforcement. One security expert commented that if the IC3’s estimate of 15 percent is accurate, then the actual cost of cybercrime in the U.S. was likely closer to $9 billion. The loss from ransomware attacks alone would be in the vicinity of $16 million.
In 2016, the top three crime types reported to the bureau were non-payment and nondelivery, personal data breach and payment scams; while the top three crime types by reported loss were BEC, romance and confidence fraud, and non-payment and non-delivery scams.
One strategy cybercriminals used was so-called tech support fraud cases. In these instances, bad actors posing as tech support personnel from recognizable companies dupe unsuspecting victims into giving up their credentials, which then grants the fraudsters access to the victim computers. Once in, the miscreants can charge victims’ credit cards for fake AV software, install malware, or even siphon out personal details, later be used in other scams. The IC3 received more than 10,000 reports of this variety of scam in 2016, resulting in the loss by victims of nearly $8 million.
“They’ll trick you into letting them into your computer,” Donna Gregory, unit chief at IC3, said in a statement. “You open the door and allow them in. You may think you’re just watching them install a program to get rid of a virus, but they are really doing a lot of damage behind the scenes.”
Another of the “Hot Topics for 2016” was business email compromise (BEC). This sophisticated scam targets businesses working with foreign suppliers and/or businesses which regularly perform wire transfer payments, the report explained. The criminals behind these scams employ social engineering tricks or computer intrusion techniques to transfer funds electronically. The more popular versions of the scam begins when someone receives an email purporting to be from the CEO or CFO requesting that funds be transferred to an account. The message appears legitimate so the victim is duped into performing the transfer.
The scam has been evolving over the past few years. In 2016, the strategy began targeting legitimate business email accounts and requests for personally identifiable information (PII) or wage and tax statement (W-2) forms for employees. In 2016, the IC3 received more than 12,000 complaints with losses exceeding $360 million tied to such scams.
Next on the FBI’s list of hot topics was ransomware, a form of malware delivered most often via spear phishing and remote desktop protocol (RDP). Once installed, the malware can lock up a victim’s computer, even freezing up an entire corporate network. The fraudsters behind the scam then demand ransom, most often in the form of Bitcoin, with promises to decrypt the invasive malware so the victim can regain access to the computer or network. Last year, the IC3 received nearly 3,000 complaints identified as ransomware with losses exceeding $2.4 million, according to the report.
The majority of victims were seniors over 60 years old, the report found, with more than 55,000 victims accounting for a loss of nearly $340,000.
When asked what the IC3 can do to encourage more people to file reports with the Internet Crime Complaint Center, Gregory told SC Media on Monday that the IC3 produces both the Annual Report and posts Public Service Announcements to educate the public to current scams and new trends. “Through outreach with both public and private sector partners, and with the assistance of the media outlets, we hope to educate consumers and encourage victims to file complaints.”
But despite the best efforts of the IC3, Gregory admits that cybercriminal activity continues to rise with the increase of technology, even though IC3 complaints continue to plateau around 300,000 per year. “Currently, we are seeing complaints including more structured information, rather than individuals reporting junk mail or spam,” she told SC.
To fend off internet crime, in its report the IC3 recommended computer users keep their anti-virus software and operating system up to date. Further, it advised users to be wary of offers that make “too good to be true” promises.
“Be aware of what you are clicking on and also what you’re posting on social media,” Gregory said. She advised users to always lock down social media accounts as much as possible, to use two-factor authentication whenever possible, and to strengthen passwords. “The tougher the password, the harder it is for someone to crack.”