Last week, the USA’s Federal Bureau of Investigation (FBI) released their annual Internet Crime Report, which highlighted the very real threat that cyber-attacks pose to businesses across the globe.
On average, more than 2,300 complaints about cybercrime are received daily by the FBI, a number which is only set to increase as the business world becomes more accustomed to remote work.
The report has been released at a time when governments, including the Biden administration in the USA, and cyber security authorities in Australia, are cautioning businesses to prepare for an increase in cyberattacks, largely due to increasing tensions between nations.
The Internet Crime Report pulls back the curtain on just how prevalent and costly cybercrime is becoming to individuals and businesses. To assist the public with staying informed, we have compiled a list of the most important statistics from the report:
1. $6.9 billion was lost due to cybercrime in the USA in 2021
This figure is up 64% from 2020, when $4.2 billion USD was reportedly lost. The costliest of crime types were BEC/EAC schemes, Investment, and Confidence Fraud/Romance scams.
2. There was a 7% increase in cybercrime reports overall
In 2021, there were 847,376 complaints reported with 466,501 victims, whereas in 2020 there were 791,790 reports. This shows a dramatic increase in the past five years, when in 2017 only 301,580 cybercrimes were reported.
3. Phishing scams claimed four times more victims than any other crime
With vishing, smishing and pharming also falling under this category, it may come as no surprise that these crime types were responsible for 323,972 of the year’s total (466,501) reported victims. This number is up almost 80,000 from the year before.
With phishing kits and ransomware-as-a-service becoming more accessible than ever, phishing attacks are becoming increasingly more sophisticated. While lots of us probably think we can spot a scam email, it just takes one small lapse in judgement to click a link, download an attachment, or enter login details and have your credentials or device compromised.
4. Business Email Compromise (BEC) schemes were the biggest money makers for cybercriminals
While BEC schemes only accounted for 2.4% of complaints to the FBI, victims lost almost $2.4 billion to these scams. BEC scams often include invoice fraud and employee/CEO impersonation and involve a business email being compromised by a cybercriminal to initiate fraudulent wire transfers from trusting and unsuspecting employees.
These attacks have become increasingly more common and complex since the COVID-19 pandemic began. No longer limited to email hacking and correspondence, fraudsters typically use virtual meeting platforms (like Microsoft Teams or Zoom) to impersonate a CEO or CFO and instil a sense of trust, claiming that they are having audio or video problems (a common occurrence for remote workers), and then sending instructions via message or email on how to send the wire transfer. These transfers are generally then transferred immediately into crypto wallets and moved around, making recovery of the funds incredibly difficult.
To protect businesses from BEC schemes, we recommend using strong passwords, multi-factor authentication, and an industry leading cloud email security solution like MailGuard, at a minimum.
5. The Internet Crime Complaint Center’s (IC3) Recovery Asset Team (RAT) had a 74% success rate
Established in 2018, the RAT works as a middleman between law enforcement and financial institutions and attempts to freeze funds transferred as a result of domestic cybercrime. In 2021, the RAT’s newly introduced Financial Fraud Kill Chain (FFKC) was initiated on 1,726 BEC complaints, totalling $443 million in potential losses. Thankfully, the RAT’s FFKC was able to freeze approximately $329 million of this.
6. Crypto crimes are almost 7 times more costly than in 2020
While the number of reported complaints of crimes involving cryptocurrencies dropped from 35,229 in 2020 to 34,202 in 2021, the cost of the attacks was far more damaging. Jumping from a reported loss of $246 million in 2020 to $1.6 billion in 2021, it is evident that crypto is becoming the currency of choice for many scammers. This is in part due to the fact that these transactions are often difficult to trace, but also because cryptocurrency ATMs are more readily available, instant, and irreversible, and regulations on them are currently lacking.
Almost 45% of Confidence Fraud/Romance losses in 2021 were from victims who reported the use of investments and cryptocurrencies, totalling $429 million. The FBI notes that crypto is also frequently used in Investment, Employment and Government Impersonation scams. It is also commonly used in ransom situations.
7. Senior citizens were the victims hit the hardest
Although not all complaints to the FBI included an age range, from the data available it was apparent that those 60+ were the most impacted by cybercrimes, accounting for $1.68 billion lost and 92,371 complaints filed. In comparison, those in the 20-29 range made 69,390 reports, but only lost $431.1 million.
According to the FBI, individuals in this age range are frequently targets for scams because they tend to be more trusting, polite, and financially well-off.
8. California residents were most heavily impacted by cybercrime
California, which is historically noted as the most vulnerable state to cybercrime, topped the list for both number of victims and reported losses again in 2021. With 67,095 victims, California lost $1.2 billion to cybercrime throughout the year. This figure is more than double the next closest state, Texas, which had a loss of $602.1 million from 41,148 victims, followed by New York, which suffered a $560 million loss from 29,065 victims.
9. Almost all cybercrime has increased dramatically in the last five years
Since 2017, money lost to cybercrime has increased by almost 400%, and the overall reports made to the FBI have risen 191%. Although the global pandemic is somewhat to blame for the rise, it has largely exacerbated a pre-existing problem. The Internet Crime Report shows that cybercrime has been on a steady rise for the past five years, with a noticeable jump in 2020.
Almost half of emails sent in 2021 were phishing emails, and many of these are more sophisticated than those that may immediately spring to mind. Although your spam inbox is probably still flooded with poorly worded emails from “Nigerian princes”, many scams have evolved beyond this.
Fraudsters now have a whole repertoire of tools and tactics to apply, including social engineering, phishing and ransomware toolkits, robocalls, deepfakes and more, making it harder for individuals to detect a scam and therefore, more successful. Additionally, technological advancements make cybercriminals even harder to trace, potentially making it a lucrative business opportunity for more and more people.
10. Reports of extortion almost halved
In somewhat of a silver lining, the report noted that while most cybercrimes are on the rise, extortion rates almost halved, dropping from 76,741 in 2020, to 39,360 in 2021. In fact, cyber extortion reports are at the lowest they have been since 2017.
The decline from last year’s numbers may have been as a result of the re-opening of cities following pandemic lockdowns throughout 2020, during which time cyber extortionists “found ways to exploit vulnerabilities as people [became] more anxious and more isolated”. However, it may also correlate with other scams, such as BEC schemes, becoming more the more lucrative option for cybercriminals.
The statistics detailed throughout the report are staggering, however, it is important to note that these are only the incidents that were reported to the FBI and the numbers most likely only reflect a fraction of the cybercrimes that were actually committed in 2021.
If you are in the USA and need to report a cybercrime, the FBI recommend you do so here: www.ic3.gov
Keep your business protected
No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a specialist cloud email security solution like MailGuard to complement Microsoft 365.
For a confidential discussion about your cyber readiness, and to see how MailGuard can help to keep your business, your team, and your data secure, reach out to my team at firstname.lastname@example.org.