The 2020 Internet Crime Report results show that fraudsters are working overtime in multiple areas
The FBI’s Internet Crime Complaint Center (IC3) received nearly 800,000 complaints about cybercrime last year, a jump of more than two-thirds from what was seen in 2019. About a third of these complaints are from phishing attacks. The report is produced each year and summarizes data submitted by the general public and businesses through the IC3 website portal. Over $4 billion in losses attributable to these complaints was calculated, the most ever seen in one of these reports.
The biggest takeaway for business owners is that half of these losses are caused by business email compromise attacks. That means a criminal impersonated one of your executives’ email accounts and got a victim to send them money. Typically, the funds are sent to a bank account controlled by the attacker, in the guise of paying for what appears to be a legitimate business invoice.
The IC3 reported that these attacks mostly relate to identity theft and cryptocurrency scams. The good news is that the FBI has its own team of specialists who are called in to try to freeze these criminal accounts and return funds to the business. More than 80% of the funds were recovered, including a $60 million wire transfer that attackers attempted to steal from a St. Louis business and send to a Hong Kong bank.
Fighting this fraud isn’t hard: you just have to be careful, employ multi-factor authentication and require multiple signatories for payment processing. If your accounts are compromised, contact your bank immediately and file a complaint with the IC3, including your banking information. Also, “never make any payment account changes without first verifying them with the recipient,” says the FBI in its report.
Not surprisingly, last year “saw the emergence of scams exploiting the Covid-19 pandemic. The IC3 received over 28,500 complaints related to Covid-19, with fraudsters targeting both businesses and individuals.” The frauds targeted messages of aid, business relief (such as suggesting they were legit uses of the various laws to aid small businesses), unemployment insurance and paycheck loan programs.
Be careful of emails that appear to be coming from the government: the government usually doesn’t email individuals or business owners out of the blue and certainly doesn’t request private information via email.
Thanks to increases in reports of scams targeting older folks, the Department of Justice and the FBI have partnered to create the Elder Justice Initiative, which covers all kinds of frauds and abuses targeting people over 60 years old. IC3 is planning on a special report with a focus on these scams later this year.
One of the issues with the IC3 annual report is under-reporting: not everyone who has been scammed files a complaint with the FBI, especially when it comes to ransomware attacks and incidents in highly regulated industries. And not everyone recognizes when they have been subject to a phishing attack, for example.
There are also some attacks, such as the recent SolarWinds leak, that remain undetected for many months. Still, the FBI's report is a good overall summary of year-on-year trends. Plus, given the disruption to many of our lives thanks to the pandemic, we can see that fraudsters are working overtime.