The FBI’s Internet Crime Center (IC3) released its annual Internet Crime Report on April 22, revealing a dramatic spike in the amount of financial losses incurred in 2018 from internet-enabled theft fraud and exploitation.
The 28-page report is based on 351,937 complaints received by IC3 in 2018, which is a nominal increase over the 301,580 complaints received in 2017. IC3 also estimated that in 2018 there was a total of $2.7 billion in financial losses from online cyber-criminals, which is nearly double the $1.4 billion reported in 2017.
“The 2018 report shows how prevalent these crimes are,” Donna Gregory, chief of IC3, wrote in a statement. “It also shows that the financial toll is substantial and a victim can be anyone who uses a connected device.”
Business Email Compromise
Once again, IC3 identified Business Email Compromise (BEC) as one of the mostly costly scams. BEC attacks occur when a hacker tricks an organization into paying a fraudulent invoice. In 2018, IC3 received 20,373 complaints about BEC, up from the 15,690 complaints received in 2017. Estimated losses from BEC in 2018 according to IC3 hit $1.2 billion, up from $675 million in 2017.
Losses from BEC have mounted rapidly in recent years. In 2015, IC3 estimated that losses for all of 2014 were $215 million. BEC scams have not only grown in volume and financial losses over the last few years, they have also grown in terms of different tactics. In 2018, IC3 reported that it saw an increase in fraudsters requesting victims to buy gift cards to pay for different business or personal invoices.
Payroll Diversion
While BEC scams look to trick victims into paying for fraudulent invoices, another even more lucrative scam IC3 saw in 2018 involved payroll diversion.
With payroll diversion scams, an attacker exploits a victim via a phishing email that is targeted at stealing an employee’s login credentials for a payroll system. Once the attacker has the credentials, deposit information is changed, redirecting funds to an attacker-controlled resource.
In 2018, IC3 reported that losses from payroll diversion came in at approximately $100 million on only 100 complaints.
Tech Support Fraud
Although BEC and payroll diversion complaints generated the most losses, one of the fastest growing areas of complaints came from tech support fraud scams.
In tech support fraud scams, attackers attempt to trick victims into thinking they require some form of assistance to fix a broken system. In 2018, ICE reported a 161% increase in tech support fraud financial losses, totaling $39 million.
IC3 received a total of 14,408 tech support fraud complaints, with the majority of victims being individuals over 60 years of age.
Recovery Asset Team
While attackers continue to attempt to defraud individuals and organizations through various online scams, IC3 has endeavored to help victims recover lost funds.
In February 2018, IC3 established an effort called the Recovery Asset Team (RAT), which is specifically tasked with helping to recover funds lost from BEC scams. The RAT is a joint effort with the Domestic Financial Fraud Kill Chain (DFFKC) group, which is a partnership between law enforcement and financial entities.
“In 2018, the IC3 RAT notified 56 field offices and 12 Legal Attachés of 1,061 DFFKC’s totalling $257,096,992, a recovery rate of 75%,” Matt Gorham, assistant director of the Cyber Division at the FBI, wrote in the report.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.