The FBI’s Internet Crime Complaint Center (IC3) investigates cyber-attacks by criminals, overseas adversaries and terrorists. Acting as a centre to receive complaints of cybercrime, the IC3 alerts the appropriate agencies to suspected online criminal activity.
In their 2021 Internet Crime Report, the IC3 reported receiving 847,376 complaints from the American public, representing a 7 percent increase from 2020, with losses exceeding $6.9 billion.
The report outlines the top cybercrime types and trends observed throughout 2021.
Threat overviews for 2021
Business Email Compromise
Business Email Compromise (BEC) occurs when criminals compromise legitimate business email accounts through social engineering or hacking, to conduct unauthorised transfers of funds.
As the COVID-19 pandemic led to an increase in virtual meetings, a new iteration of this scam has seen fraudsters compromising an employer’s email and then requesting that employees participate in a virtual meeting. In those meetings, the fraudster would insert a still picture of the CEO with no audio, or a “deep fake” audio through which fraudsters, acting as business executives, would then claim their audio/video was not working properly. The fraudsters would then use the virtual meeting platforms to instruct employees to initiate wire transfers or use the executives’ compromised email to provide wiring instructions.
In 2021, the IC3 received 19,954 BEC complaints, with associated losses at nearly $2.4 billion.
Confidence Fraud/Romance Scams
This type of fraud occurs when the victim is deceived into forming a trust/romantic relationship with the perpetrator, subsequently being persuaded to send them money, financial information or items of value. In some cases the victim may be persuaded to launder money on the criminal’s behalf.
In 2021, the IC3 received reports from 24,299 victims who experienced more than $956 million in losses to Confidence Fraud/Romance scams.
Cryptocurrency (virtual currency)
In 2021, the IC3 received 34,202 complaints involving the use of some type of cryptocurrency, such as Bitcoin, Ethereum, Litecoin, or Ripple. While that number showed a decrease from 2020’s victim count (35,229), the loss amount reported in IC3 complaints increased nearly seven-fold, from 2020’s reported amount of $246,212,432, to total reported losses in 2021 of more than $1.6 billion.
Cryptocurrency is becoming the preferred payment method for all types of scams, and it is extremely pervasive in investment scams. Many victims of Romance scams also report being pressured into investment opportunities using cryptocurrency.
Increasingly, crypto owners are falling victim to scammers impersonating support or security from cryptocurrency exchanges.
A typical ransomware scenario involves the perpetrator using targeted phishing emails to access and encrypt sensitive files on a corporate network, demanding the payment of a ransom in order for the organisation to be able to regain access. Payment is typically demanded in a virtual currency such as Bitcoin.
In 2021, the IC3 received 3,729 complaints identified as ransomware with associated losses of more than $49.2 million.
Tech Support Fraud
Tech Support Fraud occurs when criminals claim to provide customer, security or technical support, in order to defraud the victim and gain access to their device/s.
In 2021, the IC3 received 23,903 complaints related to Tech Support Fraud from victims in 70 countries. The losses amounted to more than $347 million, which represents a 137 percent increase in losses from 2020.