FBI: Victims Lost $4.2 Billion to Cybercriminals in 2020
The FBI’s Internet Crime Complaint Center (IC3) Has Observed A Significant Increase in Cybercrime Complaints Over the Past Five Years.
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has published its annual report for 2020, revealing that a total loss of $4.2 billion was reported by cybercrime victims in the US alone.
Image Source: IC3
As you can imagine, there was also an increase in the number of complaints received by the IC3, which more than doubled since 2019.
IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020.
The report reveals that in 2020 the IC3 received 28,500 complaints related to the COVID-19 pandemic. Threat actors targeted several hospitals and medical facilities, and also unemployment insurance, and other avenues revolving around CARES Act stimulus funds.
One of the most common schemes criminals used to trick people was impersonating government officials and reaching out to victims via emails, phone calls, and social media to gather personal information about them or to ask them for money.
A significant rise in Business Email Compromise (BEC) scams was also observed. Hackers trick the victims into conducting wire transfers that appear legitimate but are, in fact, unauthorized. The instructions direct the wire transfers to the cybercriminals’ domestic or foreign bank accounts. BEC victims reported losses of over $1.8 billion, which is a huge chunk of the $4.2 billion total.
In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency. In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include Extortion, Tech Support, Romance scams, etc., that involved a victim providing a form of ID to a bad actor. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.
Tech support fraud continues to be a growing problem, with losses amounting to over $146 million. Fraudulent tech support scammers are well-known for taking advantage of unsavvy computer users by reeling them in with such scare tactics and charging large amounts of money for fake services. In most cases, these threat actors sell free security products (or straight up pirate them) for hundreds of dollars more than their actual retail price. Security vendors may not be aware of these practices let alone what kind of sales tech support scammers use to force those sales.
According to the IC3 report, the losses are 171% more than the ones in the category for 2019, and that most victims are over 60 years of age.
Ransomware reports contributed $29.1 million to the total amount of losses, as well, which is over thrice as much as the $8.9 million reported losses in the category for 2019. The ransomware phenomenon continues to dominate the threat landscape and affect important sectors (hospitals, banks, universities, government, law firms, mobile users) and various organizations equally worldwide.
The real amount victims lost to ransomware attacks in 2020 is probably higher than $29.1 million, though, since cybercriminals took a number of hospitals’ and medical providers’ networks hostage in the midst of the pandemic.
The FBI recommends readers submit complaints to IC3 and to reach out to their local FBI field office to report malicious cybercriminal activity.