The Internet Crime Complaint Center (IC3), a cybercrime-focused division of the US Federal Bureau of Investigation (FBI), registered over 350,000 complaints of suspected Internet crime in 2018 that cost the complainants upwards of $2.7 billion.
The report details the most damaging threats targeting both companies and the general public. For example, Business Email Compromise (BEC) caused the most cybercrime-related losses in 2018, at $1.2 billion. The scam, targeting both businesses and individuals performing wire transfer payments, leverages compromised email accounts. Attackers obtain the victim’s credentials through social engineering or computer intrusion techniques. In 2018, the IC3 saw an increase in BEC complaints involving gift cards.
Payroll Diversion accounted for $100 million in losses from approximately 100 complaints. In this type of scam, attackers send phishing emails designed to capture login credentials. Witt the credentials in hand, attackers change the direct deposit information, redirecting payroll funds to an account they control.
Tech Support Fraud reports were on the rise last year, costing victims a total of $39 million – a 161% increase from 2017. Most of the 14,000+ complaints to the IC3, were filed by victims aged 60 years or more. The report briefly mentions two accounts of tech support scams that ended in the arrest of the perps.
Extortion (which for some reason doesn’t include ransomware in the IC3 report) inflicted damages worth $83 million to victims in 2018 – a 242% increase from 2017.
Other stats are included in the report, such as victims by age group, the top 20 foreign countries by victim count, the top 10 US states by number of victims and victim loss, a list of crime types, and more. Losses from cybercrime in 2018 totaled an estimated $2.71 billion.
The IC3 is careful to point out that the total reported number of complaints “only represents what victims report to the FBI via the IC3 and does not account for victim direct reporting to FBI field offices/agents.”
This aspect generates some considerable margins of error in some types of cybercrime, such as ransomware. According to the IC3, the estimated losses from ransomware don’t include estimates of lost business, time, wages, files, equipment, or any third-party remediation services acquired by a victim. Furthermore, not all victims report a loss amount to the FBI, making the ransomware loss figure artificially low.