FBI’s report points out that cybercrime is on the rise, with a focus on phishing and BEC
The FBI published the Internet Crime Report of 2020. The news isn’t encouraging, since, according to the agency, financial losses and cyber threats continue to rise.
The FBI received about 2,169 complaints per day in 2020, resulting in 791,790 reported cases. This number is a record and, probably, linked to cybersecurity awareness campaigns and incentives for people to report crimes.
According to the report, the losses caused by internet scams reached almost USD 4.2 billion in 2020, which represents a growth of 20% in the year-over-year comparison.
In 2019, the agency recorded USD 3.5 billion in losses and 467,361 cases reported. In 2018, there were 351,936 complaints with losses of USD 2.7 billion.
According to the number of victims in 2020, the three main types of crimes are phishing, non-payment or non-delivery scams, and extortion. Victims lost the most money to BEC (Business Email Compromise), romance fraud, and investment schemes.
“Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately USD 1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over USD 54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020”, says the report.
Table of Contents
Key points from the FBI report on internet crimes
1. COVID-19 scams
As the report says, “the year 2020 will forever be remembered as the year of the COVID-19 pandemic”. To make matters worse, criminals took advantage of the world’s fragile moment to unleash hacker attacks.
In 2020, the FBI has received more than 28,500 complaints related to COVID-19.
“These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society – medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others”, says the report.
“One of the most prevalent schemes seen during the pandemic has been government impersonators. Criminals are reaching out to people through social media, emails, or phone calls pretending to be from the government. The scammers attempt to gather personal information or illicit money through charades or threats”.
On Gatefy’s blog, you can follow some cases related to COVID:
Here you can check out Gatefy’s tips to avoid this type of scam.
2. Business Email Compromise (BEC)
Another point of attention in the report concerns BEC attacks, which remain at the top of the list as the threat that causes the most financial damage.
In 2020, BEC scams caused losses of USD 1.8 billion. The previous year’s report points to USD 1.7 billion in losses. But make no mistake. Although it seems like a small variation, we’re still talking about billions of dollars in damage.
In addition to causing huge losses, BEC schemes are no longer just the “CEO Fraud” in which hackers hijack CEO emails to require payments. Cybercriminals are now more sophisticated:
“Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards”.
Once again, ransomware has a prominent place in the FBI report. The losses caused by this type of malware have risen sharply: from USD 8.9 million in 2019 to USD 29.1 million in 2020.
We’re talking about a growth of more than 200%.
Gatefy warns of this type of hacker attack frequently and, like the FBI, advises against making payments to cybercriminals if you or your company become victims.
“Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and /or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered”, says the report.
The main vectors of ransomware, according to the report, are software vulnerabilities, Remote Desktop Protocol (RDP) vulnerabilities, and phishing attacks.
“The cybercriminal sends an email containing a malicious file or link which deploys malware when clicked by a recipient. Cybercriminals historically have used generic, broad-based spamming strategies to deploy their malware, through recent ransomware campaigns have been more targeted and sophisticated”.
One of the most interesting data in the report concerns the number of phishing attacks, which have risen considerably in recent years.
In 2020, 241,342 cases were reported (against 114,702 cases in 2019), an increase of more than 110%.
Although the number of victims has increased, there has been a decrease in losses. The damage went from USD 57 million to USD 54 million.
To learn more about phishing, click here.
5. Technical support fraud
“Tech Support Fraud continues to be a growing problem. This scheme involves a criminal claiming to provide customer, security, or technical support or service to defraud unwitting individuals”, says the report.
In 2020, losses involving Technical Support Fraud totaled more than USD 146 million, representing a 171% increase in losses in 2019. In the previous year, there were USD 54 million in losses.
“The majority of victims, at least 66%, report to be over 60 years of age, and experience at least 84% of the losses (over $116 million)”.
6. Investment fraud
Another type of fraud that deserves attention is scams involving investments.
According to the report, this type of fraud “induces investors to make purchases on the basis of false information. These scams usually offer the victims large returns with minimal risk. (Retirement, 401K, Ponzi, Pyramid, etc.)”.
In 2020, losses involving investment fraud totaled more than USD 336 million, with 8,788 cases reported. In the previous year, there were USD 222 million in losses, with almost 4,000 cases reported.
The main types of internet crime
By victim count
- Phishing 241,342
- Non-Payment/Non-Delivery 108,869
- Extortion 76,741
- Personal Data Breach 45,330
- Identity Theft 43,330
By victim loss
- BEC/EAC – USD 1,866,642,107
- Confidence Fraud/Romance – USD 600,249,821
- Investment – USD 336,469,000
- Non-Payment/Non-Delivery – USD 265,011,249
- Identity Theft – USD 219,484,699
2020 Internet Crime Report
Advanced protection against phishing, ransomware, and other threats
In this article, you’ve learned what are the most common threats in terms of victims and financial loss, and you can also see that the incidence of attacks has increased dramatically in recent years.
This means that you need to be prepared and protected. So count on Gatefy and our cybersecurity solutions to keep your company and data safe. Talk to our sales team.