The FBI’s Internet Crime Complaint Center (IC3) published its 2019 Internet Crime Report which stated that cybercrime was behind individual and business losses of $3.5 billion, represented by 467,361 reported complaints received last year. Under the subsection titled: “Reported Complaints,” many individuals and businesses did not report their losses and this dollar amount of losses is under reported. IC3 says that it has received 4,883,231 complaints since its inception in May 2000, with an average of around 340,000 complaints per year and over 1,200 complaints per day during the last five years. These resulted in recorded losses reported by victims of $10.2 billion over the last five years, between 2015 and 2019.
The most frequently reported complaints were the result of phishing and similar schemes, such as non-payment/non-delivery scams and extortion lures. The highest dollar amount losses involved business email compromises, romance/confidence fraud and keylogged email accounts. The keylogged accounts allowed the hacker/criminal to obtain personal, private or financial information that led to the loss.
These scams typically involve a criminal spoofing or mimicking a legitimate email address," the report explains. "For example, an individual will receive a message that appears to be from an executive within their company or a business with which an individual has a relationship,” says Donna Gregory, the chief of IC3. In 2019 instead of cybercriminals using new types of fraud to steal money from their victims, they were adopting new techniques and tactics to further evade detection while carrying out their scams. "Criminals are getting so sophisticated," Gregory added. "It is getting harder and harder for victims to spot the red flags and tell real from fake."
Your bank and on-line accounts are continuing to require 2 Factor Authentication before allowing transactions to be made. This same logic should be used by all employees when financial action requests are made, other than in person or by telephone. Always check web and email addresses and do not click on any of them. The URLs could look legitimate, but their spelling could be off by only one letter, or .co instead of .com, etc.
The IC3 stated that their Recovery Asset Team (RAT), which was formed in February 2018, was able to assist in recovering in its first full year of operation over $300 million lost to online scams.
The cybercrime method reported with the highest total of victim losses is Business Email Compromise, also known as the Email Account Compromise. These loses reached nearly $1.8 billion in losses according to the 23,775 recorded complaints which targeted wire transfer payments. We feel this dollar amount is low due to unreported complaints. The targeted email request will request a payment, wire transfer or gift card purchase. The entire scam is based on an earlier email breach, where a user’s address book has been compromised and the receiving party recognizes the requesting party’s name, email address, etc. No matter what the reason was for the request, the funds are transferred to criminals. During 2019, the IC3 observed an increased number of diversion of auto-deposit payroll funds. Hackers were sending emails to a company’s HR or accounting departments requesting that the payroll amount be deposited in a “new” account, while posing as an employee.
IC3 Tech Support handled fraud complaints which were received from targets in 48 countries. The number of complaints totaled 13,633 with loses in excess of $54 million. We feel that this number is underestimated due to victims not placing formal complaints.
Information reported to the IC3 helps the FBI better understand cyber criminals and publish warnings to consumers and businesses. But how do keep from becoming a victim?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Institute cyber threat training for all employees.
- Review and update your cyber threat and information security policies and procedures.
- Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided through Cysurance.
Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email firstname.lastname@example.org