Cybercrime in 2019: FBI reports $3.5 billion in damages

The bureau has received almost 5 million complaints since May 2000

On February 11, the FBI's IC3 (Internet Crime Complaint Center)^[1] has released a report which compiled data relating to cybercrime in 2019. The Internet Crime Report revealed the numbers behind cybercrime activities, as well as significant losses that were suffered by victims. The bureau has received a total of 467,361 complaints during 2019 and a total of 4,883,231 since May 2000, which averages to 340K yearly and 1,300 daily complaints throughout the past five years:^[2]

IC3 received 467,361 complaints in 2019—an average of nearly 1,300 every day—and recorded more than $3.5 billion in losses to individual and business victims. The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion

In total, the suffered losses added up to be huge – $3.5 billion in 2019 alone. A large part of the experienced losses (up to 1.77 billion) involved the crimes related to BEC (Business Email Compromise), also known as EAC (Email Account Compromise). The FBI has received 23,775 complaints regarding these scamming attempts.

Business Email Compromise scams are simple yet effective

BEC scams are one of the most successful cybercrime types of 2019. These attacks rely on a well-known email spoofing technique that deceives many individuals in the enterprise environment, as the “From” address that is seen by the victim looks exactly the same as a legitimate one of a business partner or co-worker. These phishing messages usually include a request to transfer money, and those who fall for it initially do not know they are moving the funds directly to cybercriminals' pockets.

This type of scamming technique is popular among malicious actors because it is not hard to proceed with and does not need to include advanced malware to succeed. Phishing emails are frequently compiled in a legitimately-looking manner, so the victim rarely suspects deception. Such types of scam emails are capable of reaching both simple computer users and worldwide companies, so both need to be aware of these attacks. The requested money transfers might not always require a credit card transfer to bank accounts but also include gift card purchases or similar methods.

According to the report, technical support scams were also very damaging and resulted in $54 million losses last year, which is a 40% increase comparing it to the 2018 statistics. The IC3 also found that malicious actors typically target the elderly (people above 60 years old), as they are particularly susceptible to online scams. Also, ransomware-related crime induced losses of $8.9 million to various government agencies, healthcare companies, educational institutions, and other sectors.^[3]

The Recovery Asset Team has already returned over $300 million in compensation

The FBI motivates people not to stop reporting cybercrimes as this helps it to investigate new trends and various techniques practiced among cybercriminals, resulting in the implementation of more complex and effective security solutions, which help to rise awareness and prevent outbreaks in the future. The FBI also states that their specialist team known as RAT (Recovery Asset Team), has already compensated over $300 million for the victims of 2019.

The bureau also outlines that the potential victims should always be peculiar when providing information about the incident. They should give the FBI every email address, mobile phone number, and additional pieces of information that they have as this would help to deal with the cyber crimes at a higher level of efficiency:^[4]

Victims should include every piece of information they have—any email addresses, account information they were given, phone numbers scammers called from, and other details. The more information IC3 can gather, the more it helps combat the criminals.

The key to safety – awareness and attentiveness

Always be aware that you might become a victim of a scam or malware attack. Keep in mind that, even if the email seems legitimate and comes from a familiar organization, you should not immediately follow the instructions provided inside, such as transferring money, registering for an unknown account or clicking on hyperlinks. Instead, contact the company directly and discuss all the matters via the phone.

To prevent malware^[5] attacks, you should also stay away from bogus files that come attached to spam emails. If you have already downloaded the component to your computer, do not open it before you scan it with anti-malware software or tools like Virus Total. Also, pirated program installers and software cracks are known to be one of the main ransomware and other malware attack vectors, so make sure you stay away from these.