The FBI’s annual year-in-review breaks down how 467,000 cyber attacks succeeded in taking consumers and businesses alike for billions of dollars.
The data provided by the FBI each year gives us an unfiltered glimpse into which kinds of attacks were most prevalent, how successful they were, and how much damage they caused. The latest data, from the 2019 Internet Crime Report, provides some insight into where cybercriminals believe “the money is” and, thus, which of the more lucrative attack types they engage in.
According to the report:
- Business Email Compromise (BEC) represented only 5% of all attacks, but netted nearly $1.8 billion in losses
- Phishing/Vishing/Smishing/Pharming was the number one crime, representing 24% of all attacks
- Spoofing attacks netted over $300 million in losses
- Of the top 20 crime types (based on total victim loss amount), 17 involved some form of social engineering
It’s evident from this data that email is the medium of choice, providing cybercriminals an unlimited opportunity to scam consumers and businesses using social engineering tactics that range from simple to sophisticated.
The BEC number is staggering and should be seen as a very large flashing red warning light for every organization. The average scam took about $75,000 – and, while that may not be particularly newsworthy, it’s a material amount of money for most organizations.
User access to email must take place within the context of security; organizations need to educate users with Security Awareness Training so that users work with a sense of vigilance, always interacting with email with a security mindset, lowering the organization’s risk of a successful phishing attack.