Social engineering attacks account for the vast majority of cybercrime in the US, according to researchers at SEON. The security firm found that phishing, non-payment or non-delivery scams, and extortion made up 58% of reported cybercrime.
“The most common type of cybercrime in the US is phishing and pharming, which accounted for 32.96% of all reported cybercrime in the country in 2020,” SEON says. “Phishing and pharming refer to the fraudulent practice of luring people into revealing personal information, such as passwords, login details and credit card numbers.”
Non-payment and non-delivery scams accounted for just under 15% of cybercrime.
“The second most common type of cybercrime was non-payment and non-delivery, which was reported 108,869 times and made up 14.87% of cybercrimes,” the researchers write. “Non-payment refers to a buyer not paying for goods or services received, while non-delivery refers to the failure to deliver goods or services that have been paid for.”
Ransomware was the most common form of extortion. This malware usually gains access via a phishing attack or through a technical vulnerability like an exposed RDP port.
“Extortion is the third most common form of cybercrime, with 76,741 reported incidents in 2020, which reflect 10.48% of all cybercrime in the USA,” the researchers write. “Extortion comes in several forms, with the most common being the use of ransomware to seize access to your files and devices, followed by a demand for money, cryptocurrency, gift cards or any other form of payment.”
SEON concludes that companies should ensure that they have mitigations in place and ready-to-use to minimize the likelihood of these attacks succeeding.
“Whether involved in ecommerce fraud or credit card fraud, these criminals now have a plethora of tools at their disposal to trick you into handing over your money,” SEON says. “This puts both consumers and businesses at risk when conducting transactions online, with fraudsters counting both as fair targets. Ecommerce retailers now experience an average of 206,000 web attacks per month, with 42% of businesses saying that digital fraud hampers innovation and expansion into new channels. Yet, despite this, only 34% of companies are investing in fraud prevention and mitigation.”
New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to recognize social engineering tactics.
SEON has the story.