The Federal Bureau of Investigation (FBI) has released its yearly Internet Crime Report. There were 791,790 complaints submitted to the FBI’s Internet Crime Complaint Center (IC3) in 2020 that is 69% more than 2019’s. Losses due to cybercrime in 2020 are over $4.2 billion, a 20% increase from 2019. From 2016, the reported losses due to cybercrime are over $13.3 billion.
In 2020, 30.5% of all cybercriminal activity reported to IC3 was phishing. 2.45% of reports were business email compromise (BEC) attacks. BED scams entail breaching a business email account by means of social engineering or phishing and utilizing the account to set up bogus funds transfers. Although these incidents were less in number than phishing, they cause the biggest losses – $1,866,642,107 in 2020. Actually, 2020 had 19% fewer BEC attacks than 2019, but losses were higher by 0.1 billion.
In 2020, cybercriminals took advantage of the COVID-19 crisis to rip-off businesses and people. IC3 got over 28,500 complaints in relation to COVID-19 associated scams, such as targeting the Coronavirus Aid, Relief, and Economic Security Act (CARES) Act that gave small businesses financial help at the time of the pandemic.
IC3 received thousands of complaints regarding scams on Paycheck Protection Program (PPP) loans, unemployment insurance, and Small Business Economic Injury Disaster Loans, in addition to phishing scams that employed COVID-19 designed baits to get personally identifiable information to steal identities and use it for fraudulent applications for CARES Act benefits. Lately, IC3 also received complaints of scams associated with vaccines, like demands to pay for the vaccine, be put on a waiting list, or obtain early administration of the vaccine.
Tech support scams are an increasing challenge. These frauds entail offers of consumer, security, and technical assistance to solve non-existent issues and defraud people. There were 15,421 complaints concerning tech support frauds submitted to IC3 in 2020 from affected individuals in 60 nations, with over $146 million of losses in 2020, higher by 171% than 2019.
IC3 received 2,474 complaints concerning ransomware attacks resulting in losses of $29.1 million. Ransomware was typically installed after email phishing campaigns, Remote Desktop Protocol (RDP) vulnerabilities exploitation, and unpatched vulnerabilities exploitation in software programs.
The FBI documented the key successes in 2020 of the IC3 Recovery Asset Team (RAT). RAT was created in 2018 to improve communications with financial establishments to stop transfers to domestic accounts associated with false pretenses. RAT handled 1,303 cases in 2020 that involve approximately $463 million in losses. The team’s 82% success rate meant stopping over $380 million in falsified transfers.
One of the big successes in June 2020 involved a victim firm that was misled to do a fraudulent transfer worth $60 million to a Hong Kong bank account. The St. Louis field office successfully stopped it and retrieved the $60 million. Another case in April 2020 involved a healthcare victim deceived to do 5 wire transfers amounting to over $2 million. RAT successfully used its Financial Fraud Kill Chain (FFKC) and stopped the transfers.