The FBI’s Internet Crime Complaint Centre (IC3) has released a report indicating that financial losses due to cybercrime rose drastically in 2018.
The 2018 Internet Crime Report revealed that IC3 received over 350,000 complaints from businesses, a rate of nearly 900 complaints a day. The report stated that losses totalled at more than $2.7 billion. This figure is an increase of 92% in comparison to 2017.
The 2018 loss figure accounts for over a third (36%) of the total sum of financial losses for the past five years.
The report indicated that Business Email Compromise (BEC) attacks cause more financial losses than any other form of cybercrime.
BEC attacks involve hackers sending emails from a compromised email account within the organisation. The scammer usually requests the fraudulent transfer of funds or the disclosure of sensitive information such as W-2 forms. The amount lost to BEC doubled in 2018 in comparison to 2017, rising from $675 million to $1.2 billion.
BEC scams are particularly challenging to protect against because security software on email accounts cannot distinguish between a fake or legitimate email sent from an account within the organisation.
Hackers may use spear phishing campaigns to access accounts of higher management or business executives to send these emails. Spear phishing uses social engineering techniques to fool these higher-ups into giving the hacker their login credentials. The hacker uses these accounts to send fraudulent wire transfer requests to the accounts department. As they appear to come from senior management, employees often quickly reply to these requests.
The report notes that there was a particular rise in the number of so-called ‘gift card’ BEC scams in 2018. These involve hackers requesting employees to purchase and send gift cards rather than make wire transfers. The hacker can then use these gift cards for personal gain.
The second most significant cause of losses was confidence fraud and romance scams, which resulted in losses of more than $362 million. The scammers fool the victim into trusting them and eventually either requests the victim sends loan them money or tricks them into disclosing their financial credentials. Investment fraud was in third place with losses of $252 million.
Tech support scams also increased considerably in 2018, with losses from these scams increasing by 161% in 2018, accounting for 14,408 complaints and $39 million. Tech support scam mainly targets less tech-savvy generations, such as OAPs.
Payroll diversion was also a significant cause of losses. Hackers launched phishing campaigns against payroll departments and instruct employees to change bank credentials so that salaries routed to criminals’ accounts. While only 100 complaints were received about payroll fraud, the losses were around $100 million.
IC2 received 65,116 complaints on non-payment/non-delivery scams, 51,146 complaints on extortion attempts, and 50,642 complaints about personal data breaches.