Share this article on:
The Federal Bureau of Investigation (FBI) has published its annual Internet Crime Report. 791,790 complaints were made to the FBI’s Internet Crime Complaint Center (IC3) in 2020, which is a 69% increase from 2019. More than $4.2 billion was lost to cybercrime in 2020, an increase of 20% from 2019. Since 2016, there have been reported losses to cybercrime of more than $13.3 billion.
In 2020, the most reported cybercriminal activity was phishing, which accounted for 30.5% of all complaints to IC3. 2.45% of complaints were about business email compromise (BEC) attacks. Business email compromise scams involve compromising a business email account through social engineering or phishing and using the account to arrange fraudulent transfers of funds. While these incidents were far less numerous than phishing, they were the biggest cause of losses. $1,866,642,107 was lost to BEC attacks in 2020. 2020 saw a 19% reduction in BEC attacks compared to 2019, although losses increased by 0.1 billion.
In 2020, cybercriminals exploited the COVID-19 pandemic to scam businesses and individuals. IC3 received more than 28,500 complaints about COVID-19 related scams, including targeting the Coronavirus Aid, Relief, and Economic Security Act (CARES) Act which provided small businesses with financial assistance during the pandemic.
Thousands of complaints were received by IC3 about scams targeting unemployment insurance, Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans, as well as phishing scams that used COVID-19 themed lures to obtain personally identifiable information to steal identities and fraudulently apply for CARES Act benefits. Recently, IC3 has been receiving complaints about scams related to vaccines, such as demands to pay out of pocket to receive the vaccine, be placed on a waiting list, or get early access to the vaccine.
Tech support fraud is a growing problem. These scams involve offers of customer, security, and technical support to resolve non-existent problems and defraud individuals. 15,421 complaints about tech support scams were received by IC3 in 2020 from victims in 60 countries, with more than $146 million lost to the scams in 2020, up 171% from 2019.
2,474 complaints were made to IC3 about ransomware attacks, which involved adjusted losses of $29.1 million. Ransomware was most commonly installed following email phishing campaigns, exploitation of Remote Desktop Protocol (RDP) vulnerabilities, and exploitation of unpatched vulnerabilities in software.
The FBI reported on the major successes of the IC3 Recovery Asset Team (RAT) in 2020. RAT was set up in 2018 to streamline communications with financial institutions to freeze transfers made to domestic accounts under false pretenses. RAT dealt with 1,303 incidents in 2020 involving losses of almost $463 million. The team had an 82% success rate and was able to freeze more than $380 million in fraudulent transfers.
One of the major successes was seen in June 2020 when a victim company was tricked into making a fraudulent $60 million payment to a Hong Kong bank account. The St. Louis field office was able to block and recover all $60 million. In April 2020, a healthcare victim was tricked into making 5 wire transfers totaling more than $2 million. RAT was able to successfully implement its Financial Fraud Kill Chain (FFKC) and freeze the transfers.