The FBI recently published its 2017 Internet Crime Report highlighting trends and statistics compiled by the FBI’s Internet Crime Complaint Center (“IC3”) during 2017.
The report compiles data from a total of 301,580 complaints which reported losses of over $1.4 billion. In addition to an explanation of the IC3’s history and operations, the report includes five “hot topics” from 2017: business email compromise (“BEC”), ransomware, tech support fraud, extortion, and the Justice Department’s Elder Justice Initiative.
- Business Email Compromise: This category of attack targets businesses’ financial transactions, including wire transfers, employee W-2 forms, and real estate transactions. Essentially a specialized phishing scheme, BEC (also known as CEO Fraud) compromise legitimate business email accounts to initiate fraudulent funds transfers which they route through accounts in multiple countries, with a large majority of the stolen money moving to places like Hong Kong. Victims reported being contacted by subjects posing as CEOs, CFOs, and lawyers. The IC3 reported 15,690 BEC complaints with adjusted losses of over $675 million in 2017.
- Ransomware: This category of attack refers to specialized malware that can rapidly encrypt sensitive data, and very often is not reported to the authorities. The FBI notes that it does not support paying ransoms to adversaries, citing instances where the victim paid the ransom but never received decryption keys. The IC3 reported 1,783 ransomware complaints in 2017.
- Tech Support Fraud: This category of attack targets individual consumers by claiming to provide customer, security, or technical support to elicit fraudulent payments or access to consumers’ computers. The specifics of this scam change regularly, but can include telephone calls, malicious pop-up screens, URL hijacking, and phishing emails. In addition to eliciting payments from victims, if the attackers are able to connect to the victim’s device, they download personal information including financial accounts, passwords, and Social Security numbers. The IC3 reported 10,949 tech support fraud complaints with adjusted losses of approximately $15 million in 2017, which represents a 90% increase from 2016.
- Extortion: This category of attack refers to threatening physical harm, financial harm, or the release of sensitive data unless the victim provides something of value. The report notes that extortion-related complaints in 2017 included reports of Denial of Service attacks, hitman schemes, sextortion, government impersonation schemes, loan schemes, and data breaches. The IC3 reported 14,938 extortion-related complaints with adjusted losses of over $15 million in 2017.
- Elder Justice Initiative: The IC3 reports that victims over 60 years old filed 49,523 complaints and lost more money than any other age group in 2017, with estimated total losses of over $342.5 million. On February 22, 2018, Attorney General Sessions announced the Elder Justice Initiative to support and coordinate DOJ’s enforcement and programs to combat elder abuse, neglect, and financial fraud. The Initiative will work to build local, state, and federal capacity to fight abuse by providing targeted training; promote justice for older Americans through investigation and prosecution of financial scams that target the elderly; support foundational research into elder abuse and financial exploitation; and help older victims and their families by connecting them with appropriate investigative agencies and resources.
The full FBI 2017 report is available here
Note that KnowBe4 has a free one-hour, 8-section Internet Security Awareness Course for all ages, which we strongly recommend you send to your friends and family. The address is: https://www.knowbe4.com/homecourse and to make it easy for everyone, the password is homecourse
Let's stay safe out there.
Warm regards,
Stu
