Losses from Internet crime in the U.S. nearly doubled in 2018 to $2.7 billion, with almost half of that from business email schemes that targeted wire transfer payments, according to the FBI’s 2019 Internet Crime Report.
The report said that the FBI’s Internet Crime Complaint Center (IC3) received approximately 352,000 complaints about cybercrime activity last year. The center has averaged about 300,000 complaints in each of several prior years, but the reported losses increased from $800.5 million in 2014 to $1.42 billion in 2017.
- Business email scams caused $1.2 billion in losses. This is a sophisticated scam targeting both businesses and individuals performing wire transfer payments. Perpetrators compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
- Investment scams caused $253 million in losses from 3,583 victims in 2018. Perpetrators induce investors to make investments on the basis of false information. These scams usually offer the victims large returns with minimal risk. Variations of this scam include retirement schemes, Ponzi schemes, and pyramid schemes.
- Cyber extortion caused 51,146 complaints and $83 million in losses in 2018, a 242% increase in complaints from the previous year. Extortion is used in various schemes including Denial of Service attacks, hitman schemes,
sextortion , government impersonation schemes, loan schemes, and high-profile data breaches (see cybercrime dictionary below).
According to the FBI report, virtual currency is commonly demanded as the payment mechanism in cybercrime schemes because it provides the criminal with an additional layer of anonymity when perpetrating these schemes.
In February 2018, the FBI launched a Recovery Asset Team (RAT) to focus on recovering monies lost through business email scams. In 2018, the team recovered $257 million that has been wired by cybercrime victims, a recovery rate of 75%, the report says.
Cybercrime Dictionary
- A Denial of Service attack typically uses one computer and one Internet connection to flood a network/system.
- A hitman scheme is
an email extortion in which a perpetrator sends a disturbing email threatening to kill the recipient and/or their family. The email instructs the recipient to pay a fee to remain safe and avoid having the hit carried out. - Sextortion occurs when a perpetrator threatens to distribute an individual’s private and sensitive material unless the individual provides the perpetrator images of a sexual nature, sexual favors, or money.
- Government impersonation occurs when a government official is impersonated in an attempt to collect money.
- A loan scheme involves perpetrators contacting victims claiming to be debt collectors from a legitimate company and instructing victims to pay fees in order to avoid legal consequences.
- A high profile data breach is when sensitive, protected or confidential data belonging to a well-known or established organization is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
- A Distributed Denial of Service (DDoS) attack uses multiple computers and Internet connections to flood a network/system.
