Ride the Lightning

FBI: 2016 Losses to Cybercrime Exceeded $1.3 Billion

July 6, 2017

Not exactly chump change, huh? Cybercrime is big business and the recently issued FBI 2016 Internet Crime Report makes that clear. The report examines the most prevalent and most damaging forms of cybercrimes today – business email compromise (BEC), ransomware, tech support fraud, and extortion. It based its findings on nearly 300,000 complaints filed with the IC3 (the Internet Crime Complaint Center), which compiles data from public complaints in order to refer cases to the appropriate law enforcement agencies as well as to identify trends.

2016 cybercrime losses exceeded those of 2015 by 24%. Even with that significant number, the actual tally is much higher as only an estimated 15 percent of the nation's fraud victims report their crimes to law enforcement. One security expert commented that if the IC3's estimate of 15 percent is accurate, then the actual cost of cybercrime in the U.S. was likely closer to $9 billion. The loss from ransomware attacks alone is about $16 million.

In 2016, the top three crime types by reported loss were BEC, romance and confidence fraud, and non-payment and non-delivery scams.

In the tech support fraud cases, criminals posing as tech support personnel from recognizable companies dupe victims into giving up their credentials, which then grants the fraudsters access to the victim computers. Once in, the miscreants can charge victims' credit cards for fake AV software, install malware, or even siphon out personal details, later to be used in other scams. The IC3 received more than 10,000 reports of this variety of scam in 2016, resulting in the loss by victims of nearly $8 million.

Business email compromise (BEC) scams target businesses working with foreign suppliers and/or businesses which regularly perform wire transfer payments. The criminals behind these scams employ social engineering tricks or computer intrusion techniques to transfer funds electronically. The more popular versions of the scam begins when someone receives an e-mail purporting to be from the CEO or CFO requesting that funds be transferred to an account. The message appears legitimate so the victim is duped into performing the transfer.

In 2016, these scams began targeting legitimate business email accounts and requests for personally identifiable information (PII) or wage and tax statement (W-2) forms for employees. In 2016, the IC3 received more than 12,000 complaints with losses exceeding $360 million tied to such scams.

Ransomware, once contracted (usually by clicking on an e-mail link or attachment), encrypts computer files, often traveling across an entire corporate network. The criminals demand ransom, most often in the form of Bitcoin, with promises to decrypt the files. Last year, the IC3 received nearly 3,000 complaints identified as ransomware with losses exceeding $2.4 million, according to the report.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson