Application security, Breach, Threat Management, Data Security

FBI fielded roughly $2.7 billion worth of Internet crime complaints in 2018

The FBI's Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency's 2018 Internet Crime Report.

The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise), extortion, and personal data breaches. Crimes that couldn't be categorized due to incomplete complaints were next most common, followed by phishing scams (plus related crimes such as smishing), Business Email Compromise/Email Account Compromise (BEC/EAC) campaigns, and confidence fraud/romance scams.

Despite being only the sixth most commonly reported cybercrime in 2018, BEC/EAC campaigns was the top crime with the highest reported loss total: nearly $1.3 billion. In particular, the IC3 took note of an increase in the number of these scams that used spoofed emails, texts or phone calls to trick victims into thinking a superior or authority figure asked them to purchase gift cards.

To combat the growing BEC plague, IC3 last year launched its Recovery Asset Team, which "works within the Domestic Financial Fraud Kill Chain (DFFKC) to recover fraudulent funds wired by victims," the annual report explains. "The DFFKC is a partnership between law enforcement and financial entities. In 2018, the IC3 RAT notified 56 field offices and 12 legal attachés of 1,061 DFFKCs totaling $257,096,992, a recovery rate of 75 percent."

The nine next most financially costly crimes, in order, were confidence fraud/romance scams, investment schemes, non-payment/non-delivery scams, real estate/rental fraud, personal data breaches, corporate data breaches, identity theft, advanced fee schemes and credit card fraud.

The report also noted some standout or emerging trends from the past year. These included:

  • Payroll diversion scams, in which cybercriminals use phishing emails to capture employees' login credentials in order to access their payroll accounts and redirect their direct deposit payments to an attacker-controlled account. The IC3 received about 100 such complaints, which were responsible for about $100 million of losses.
  • Extortion. The report noted a 242 percent increase in extortion-related complaints since 2017, with adjusted losses of over $83 million.
  • Tech support fraud. The FBI tracked a 161 percent year-over-year increase in losses resulting from such crimes. Altogether, victims from 48 countries lodged 14,408 complaints, with losses amounting to nearly $39 million.

The over-60 population represented the largest share of complaints and total losses. Outside of the U.S., the foreign country with the most reported victims was India (4,556), followed by the UK (3,970) and Canada (2,880).

The IC3 says its received a total of roughly 4.42 million complaints since its inception in 2000.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.