Monday, March 22, 2021

FBI – Internet Crime Complaint Center (IC3) Annual Internet Crime Report

Since 2000, the FBI’s Internet Crime Complaint Center (IC3) has been collecting complaints from victims of internet crime through its website, www.ic3.gov.  The complaints are used build a database that the FBI, as well as state and local law enforcement agencies, can use in their investigations. IC3 analyses complaint data and refers data on specific internet crimes to local, state, federal and international law enforcement agencies for potential investigations. It also issues alerts to the public about internet crime trends.

Since its inception, IC3 has received over 5.6 million complaints. Over the last five years, it has received an average of 440,000 complaints per year for a total loss of $13.3 billion.

IC3 recently issued its 2020 Annual Internet Crime Report. Among its findings,

Washington State is in the top 10 states by numbers of victims with 17,229 victims for a loss of over $88 million.

COVID-19. Scammers and fraudsters took full advantage of the COVID-19 pandemic. IC3 received over 28,500 COVID-19 complaints in 2020. Most complaints related to the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) involving grant fraud, loan fraud, and phishing for Personally Identifiable Information (PII). Fraudsters also targeted unemployment insurance, the Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans.

Impersonation scammers have been using the pandemic as they contact victims through social media, emails, and phone calls to gather personal information or collect money through charades or threats.

With the distribution of COVID-19 vaccines, scammers have charged people to receive the vaccine or put them on vaccine waiting or early access lists. Fraudulent advertisements for vaccines have shown up on social media, email, telephone calls, and online.

Business Email Compromise (BEC). In 2020, the IC3 received 19,369 Business Email Compromise (BEC) and Email Account Compromise (EAC) complaints with losses of over $1.8 billion. BEC/EAC scams target businesses and individuals who perform transfers of funds. The scams are carried out when business email accounts are compromised through social engineering or computer intrusion techniques to intercept or generate unauthorized transfers of funds.

The report points out that BEC/EAC schemes have evolved, starting out in 2013 with hacking or spoofing email accounts of chief executive or chief financial officers, then sending fraudulent emails requesting wire payments be sent to fraudulent accounts. In recent years, the scam has expanded to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.

In 2020, there has been an increase in BEC/EAC for identity theft and converting funds to cryptocurrency. An initial victim might be scammed in non-BEC/EAC situations including Extortion, Tech Support, Romance scams, etc., where a victim provides a form of ID to a scammer. Then that information is used to establish a bank account that is used to receive stolen BEC/EAC funds which is then transferred to a cryptocurrency account.  

Tech Support Fraud. While the pandemic caused a brief slowdown, IC3 continued to see an increase in incidences and losses to Tech Support Fraud. In 2020, IC3 received 15,421 complaints about Tech Support Fraud with losses amounting to over $146 million, a 171 percent increase over 2019.

Criminals may pose as support or service representatives to claim to provide customer, security, or technical support, offering to resolve a compromised email or bank account, a virus on a computer, or a software license renewal. The crooks might claim to be from a computer company, financial institution, utility company, or virtual currency exchange. Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards.

66 percent of the victims are over 60 years of age and experience at least 84 percent of the losses (over $116 million).  

For information on how to avoid Tech Support Fraud check out this IC3 public service announcement- https://www.ic3.gov/Media/Y2018/PSA180328.

Ransomware. Criminals will find a way to insert malware that encrypts a computer’s or a computer network’s data making it unusable to the user. They then demand payment to unlock the data, hence the name ransomware. In 2020, IC3 received 2,474 complaints about ransomware with losses of over $29.1 million.

The three major methods of inserting ransomware are,

 

            Email phishing- Inserting the ransomware through a link or attached file in an email.

            Remote Desktop Protocol (RDP). RDP allows people to control a computer’s resources and data over the internet. Cyber criminals will gain access to the RDP protocol then insert the ransomware.

            Software vulnerabilities. Cyber criminals take advantage of security weaknesses in software or operating systems to insert their ransomware.

 

The Cybersecurity & Infrastructure Security Agency (CISA) has become concerned that ransomware is becoming a growing internet security threat to organizations and individuals. For information on protecting your organization and yourself from ransomware checkout this CISA link- https://www.cisa.gov/ransomware

 

IC3 Internet Crime Report 2020:

https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

 

IC3 Internet Crime Report 2020, Washington State Data:

https://www.ic3.gov/Media/PDF/AnnualReport/2020State/StateReport.aspx#?s=54

 

 

No comments:

Post a Comment