The FBI's Internet Crime Complaint Center released its 2019 Internet Crime Report, and by no surprise the bad guys and new scams show no signs of stopping anytime soon. Last year the highest dollar losses and complaints were reported since the center was established in 2000.
Donna Gregory, the chief of IC3, said that in 2019 the center didn’t see an uptick in new types of fraud but rather saw criminals deploying new tactics and techniques to carry out existing scams.
“Criminals are getting so sophisticated,” Gregory said. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
The FBI report had a breakdown of the different crime types:
.jpg?width=708&name=image001%20(1).jpg)
The most costly complaints involved business email compromise (BEC), romance or confidence fraud, and domain spoofing.
Shifts in Business Email Compromise
Business email compromise (BEC), or email account compromise, has been a major concern for years. In 2019, IC3 recorded 23,775 complaints about BEC, which resulted in more than $1.7 billion in losses.
These scams typically involve a criminal spoofing or mimicking a legitimate email address. For example, an individual will receive a message that appears to be from an executive within their company or a business with which an individual has a relationship. The email will request a payment, wire transfer, or gift card purchase that seems legitimate but actually funnels money directly to a criminal.
In the last year, IC3 reported seeing an increase in the number of BEC complaints related to the diversion of payroll funds. “In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period,” the report said. The change instead routes an employee’s paycheck to a criminal.
The Importance of Reporting
“Information reported to the IC3 plays a vital role in the FBI’s ability to understand our cyber adversaries and their motives, which, in turn, helps us to impose risks and consequences on those who break our laws and threaten our national security,” said Matt Gorham, assistant director of the FBI’s Cyber Division. “It is through these efforts we hope to build a safer and more secure cyber landscape.” Gorham encourages everyone to use IC3 and reach out to their local field office to report malicious activity.
Rapid reporting can help law enforcement stop fraudulent transactions before a victim loses the money for good. The FBI’s Recovery Asset Team was created to streamline communication with financial institutions and FBI field offices and is continuing to build on its success. The team successfully recovered more than $300 million for victims in 2019.
Security awareness training is essential in ensuring users understand the mechanisms of BEC and other calculated attacks. Check out the full story from the FBI.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
