And victims aren't reporting ransomware attacks...
Online extortion, tech support scams and phishing attacks that spoof the boss (CEO Fraud) were among the most damaging and expensive scams according to new figures from the FBI's Internet Crime Complaint Center (IC3).
The IC3 report released Thursday identifies some of the most prevalent and insidious forms of cybercrime today, but the total financial losses tied to each crime type also show that victims do not report these crimes to law enforcement very much.
Source: Internet Crime Complaint Center (IC3).
Note that the FBI calls CEO fraud "Business Email Compromise" and commented: "Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses who regularly perform wire transfer payments. The Email Account Compromise (EAC) component of BEC targets individuals who perform wire transfer payments.
"The techniques used in both the BEC and EAC scams have become increasingly similar, prompting the IC3 to begin tracking these scams as a single crime type in 2017. The scam is carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds."
People Only Report 15% Of Ransomware Attacks
Writing for BleepingComputer.com — a great tech support forum run by our friend Larry Abrams — Catalin Cimpanu observes that the FBI’s ransomware numbers “are ridiculously small compared to what happens in the real world, where ransomware is one of today’s most prevalent cyber-threats.”
“The only explanation is that people are paying ransoms, restoring from backups, or reinstalling PCs without filing a complaint with authorities,” Cimpanu writes.
Real Cost Of Cyber Fraud Closer to $9 billion
Since roughly 15 percent of the nation’s fraud victims report their crimes to law enforcement, for 2016, 298,728 complaints were received, with a total victim loss of $1.33 billion. Intrepid investigative cybercrime reporter Brian Krebs noted: "If that 15 percent estimate is close to accurate, that means the real cost of cyber fraud for Americans last year was probably closer to $9 billion.
Applying that same 15 percent rule, that brings the likely actual losses from CEO fraud schemes to around $2.4 billion last year."
Bonus report. You Can Now See This For Your Own State
For instance, take Florida where KnowBe4 is located. The FBI reported It lost $29,560,665 to BEC just last year, but using the 15% rule it's most likely a whopping $190 million, and that is just one state. This is the link where you can filter on the numbers for your state, which is useful if you are going for IT security budget approval and need numbers that are real and close to home. Here is the full ICS report (PDF)
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser: