The FBI just released its annual Internet Crime Report, and it is truly a sign of the times.
Here is the report's opening paragraph:
"In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree. These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society—medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others."
The FBI notes that the Internet Crime Complaint Center (IC3) has been key to its mission to track cybercrimes. The IC3 "provides the public with a trustworthy source for information on cyber criminal activity," and also is a useful tool for victims to report a cybercrime.
The IC3 received 791,790 complaints from the American public in 2020, the most ever in one year, with reported losses exceeding $4.1 billion.
And this year's report highlights five "hot topics."
Business Email Compromise 2020
Business Email Compromise (BEC) and Email Account Compromise (EAC) are scams targeting individuals or organizations performing transfers of funds. The scam is most often carried out when an attacker compromises legitimate email accounts through social engineering or computer intrusion techniques. The IC3 received 19,369 reports of BEC/EAC scams in 2020.
"In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency. In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include Extortion, Tech Support, Romance scams, etc., that involved a victim providing a form of ID to a bad actor. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account."
IC3's Recovery Asset Team (RAT)
IC3's recovery asset team (RAT) is responsible for streamlining communication with financial institutions and assisting the FBI with the freezing of funds for victims who made transfers under fraudulent pretenses. One goal of RAT is to remain at the forefront of emerging trends among financial fraud schemes.
The IC3 report provides key lessons for organizations that become victims of Business Email Compromise.
- Contact the originating financial institution as soon as fraud is recognized to request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
- File a detailed complaint with www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.
- Visit www.ic3.gov for updated PSAs regarding BEC trends as well as other fraud schemes targeting specific populations, like trends targeting real estate, pre-paid cards, and W-2s, for example.
- Never make any payment changes without verifying the change with the intended recipient; verify email addresses are accurate when checking email on a cell phone or other mobile device.
RAT success stories
The IC3 report includes details on three cases where the recovery asset team successfully contributed to investigative efforts. Here is one of those examples:
"In June 2020, the IC3 received a complaint filed by a victim company regarding a wire transfer of $60 million to a fraudulent overseas bank account in Hong Kong. The reported transaction date fell outside of the International Financial Fraud Kill Chain (FFKC) time frame for action; however, the IC3 RAT notified the Legal Attaché of Hong Kong and the St. Louis Field Office of the large dollar loss. Through the collaboration efforts of the IC3 RAT, the Legal Attaché of Hong Kong, and Hong Kong banking and law enforcement partners, the wire was located and immediately blocked from entering the beneficiary account in Hong Kong. The St. Louis Field Office quickly contacted the victim of this incident to initiate a recall letter with the originating bank and Hong Kong Police. Through these efforts, the full amount of $60 million was returned to the victim."
Tech support fraud
The IC3 received 15,421 reports related to tech support fraud in 60 countries with over $146 million in losses in 2020, a 171% increase from 2019. Here is what the FBI says about tech support fraud:
"Tech Support Fraud continues to be a growing problem. This scheme involves a criminal claiming to provide customer, security, or technical support or service to defraud unwitting individuals. Criminals may pose as support or service representatives offering to resolve such issues as a compromised email or bank account, a virus on a computer, or a software license renewal. Recent complaints involve criminals posing as customer support for financial institutions, utility companies, or virtual currency exchanges. Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards."
Despite ransomware constantly being in the headlines, the number of reported cases is significantly lower than tech support fraud and BEC scams. The IC3 received 2,474 reports of ransomware equating to more than $29.1 million in losses.
However, many in the industry believe the dollar figure for ransomware losses is far too low and represents only a subset of victims and ransoms paid.
For more detailed information and additional statistics on internet cybercrime in 2020, you can read the complete IC3 report.