The FBI’s Internet Crime Complaint Center (IC3) investigates cyber-attacks by criminals, overseas adversaries and terrorists. Acting as a centre to receive complaints of Internet crime, IC3 alerts the appropriate agencies to suspected criminal Internet activity.
In their 2017 Internet Crime Report, IC3 confirmed that they received a total of 301,580 complaints from around the world, with reported losses exceeding $1.4 Billion in 2017.
Which internet crime types account for the greatest losses?
The top three crime types with the highest reported loss were Business Email Compromise, Confidence/Romance fraud, and Non-Payment/Non-Delivery.
Business Email Compromise
Business Email Compromise (BEC) occurs when criminals compromise legitimate business email accounts through social engineering or hacking, to conduct unauthorised transfers of funds.
In 2017, the IC3 received 15,690 BEC complaints, with associated losses of over $675 million.
This type of fraud occurs when the victim is deceived into forming a trust/romantic relationship with the perpetrator, subsequently being persuaded to send them money, financial information or items of value. In some cases the victim may be persuaded to launder money on the criminal’s behalf.
In 2017, the IC3 received 15,372 Confidence/Romance fraud complaints, with associated losses of over $210 million.
In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.
In 2017, the IC3 received 84,079 Non-Payment/Non-Delivery complaints, with associated losses of over $140 million.
What are the most prevalent types of Internet crime?
In addition to Non-Payment/Non-Delivery, the most prevalent crime types reported by victims in 2017 were Personal Data Breach and Phishing.
Personal Data Breach
A personal data breach occurs when personal data is released from a secure location to an untrusted environment. It may refer to incidents where an individual’s personal information is stolen or used by someone else without permission.
In 2017, the IC3 received 30,904 Personal Data Breach complaints, with associated losses of over $77 million.
Phishing involves the perpetrator impersonating a legitimate company, sending the victim unsolicited emails, text messages, or telephone calls requesting personal, financial and/or login credentials.
In 2017, the IC3 received 25,344 Phishing complaints, with associated losses of over $29 million.
What were some other hot topics for 2017?
Extortion occurs when a criminal demands something of value from a victim by threatening physical or financial harm, or the release of sensitive data.
In 2017, the IC3 received 14,938 extortion-related complaints, with associated losses of over $15 million.
Tech Support Fraud
Tech Support Fraud occurs when criminals claim to provide customer, security or technical support, in order to defraud the victim and gain access to their device/s.
In 2017, the IC3 received 10,949 Tech Support Fraud complaints, with associated losses of over $14 million.
A typical ransomware scenario involves the perpetrator using targeted phishing emails to access and encrypt sensitive files on a corporate network, demanding the payment of a ransom in order for the organisation to be able to regain access. Payment is typically demanded in a virtual currency such as Bitcoin.
In 2017, the IC3 received 1,783 ransomware complaints, with associated losses of over $2 million.