Threat Management, Email security, Ransomware

Three takeaways for cyber pros from the FBI’s 2022 Internet Crime Report

The FBI seal

The potential total financial losses from cybercrime in 2022 increased to over $10.2 billion from $6.9 billion in 2021, despite a slight decrease in the number of complaints reported to the FBI.

That figure is just one of the takeaways from the FBI’s 2022 Internet Crime Report released by its Internet Crime Complaint Center (IC3) this week.

While the number of complaints the IC3 received fell slightly to 800,944 from the highwater mark of 847,376 in 2021, the total losses jumped by over $3 billion from 2021 to 2022.

Losses from investment scams increased by 127% from 2021 to 2022, accounting for $3.31 billion alone. Cryptocurrency investment fraud makes up a significant amount of those complaints, which increased 183% to $2.57 billion in 2022. 

Other important statistics of note for cybersecurity professionals:

  • Investment scams overtook business email compromise (BEC) as the top scheme reported to the FBI.
  • The continuing threat posed by ransomware.

Cybersecurity experts routinely note that BEC scams tend to get a fraction of the attention paid to other threats like ransomware, but BEC attacks perpetually rank as the highest-grossing form of cybercrime.

While complaints involving BEC attacks fell to No. 2 in the FBI's latest data, these scams — which involve compromising legitimate business email accounts through social engineering or other techniques to conduct unauthorized money transfers — still accounted for more than $2.7 billion in losses tallied in 2022.

Ransomware statistics unreliable since many attacks unreported

IC3 received 2,385 ransomware-related complaints last year, with adjusted losses of more than $34.4 million. Attacks on the critical infrastructure sector made up 870 of the total number of ransomware complaints, affecting 14 of the 16 sectors considered critical infrastructure.

The center noted that it saw an increase in additional ransomware extortion tactics, with cybercriminals threatening to publish stolen data if the victim did not pay the ransom. It also noted that it has been difficult for the FBI and other law enforcement agencies to ascertain the true number of ransomware victims because many infections go unreported. The FBI reiterated that it encourages organizations to report ransomware incidents so the FBI can assist with providing information on decryption, data recovery and the possibility of bringing the perpetrators to justice.

“While the cyber threat is ever-growing, the FBI remains appreciative of those individuals and entities who report cyber incidents to the IC3, as that valuable information helps fill in gaps that are crucial to advancing our investigations,” Timothy Langan, executive assistant director at the FBI, wrote in the report’s forward. 

IC3 by the numbers

  • $10.3 billion - Victim losses in 2022
  • 2,175+ - Average complaints received daily
  • 651,000+ - Average complaints received per year (over the last five years)
  • Over 7.3 million - Complaints reported since inception
Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.