The FBI runs its Internet Crime Complaint Center (IC3) to help fight cyber crime, and also to compile statistics on cyber crime. Each year, the IC3 publishes a report on the prior year’s cyber crimes, and the 2020 Internet Crime Report was just released. The results are shocking, but not unexpected: The incidences of some types of crime are up by more than 300% with associated costs of some crimes up by more than 2400%.
COVID Tops The List
While the COVID-19 Pandemic has resulted in millions of Americans being out of work or on drastically reduced hours, cyber-criminals around the world worked overtime to take advantage of the pandemic. Health Care Related crimes increased from $1,128,838 to $29,042,515...an increase of almost $28 million, representing a 2,472% increase.
Other COVID-related fraud included Phishing attacks focusing on Unemployment scams, EIDL Disaster Relief loans, and PPP loans. Typical of the Unemployment Scams are those that made fraudulent unemployment claims, which only became known when a subsequent legitimate claim was made.
The LA Times reported that over $11 Billion in fraudulent claims were paid, which actually dwarfs the statistics in the FBI report, which total just over $5 Billion. It’s unclear why these statistics were not included in the FBI’s 2020 Internet Crime Report.
Business Email Compromise Leads
We’ve written several times about the dangers of Business Email Compromise scams, which occur when a bad actor sends emails to an employee from a spoofed or hacked company or personal email account. Generally those emails will make a financial request of some kind on behalf of a colleague, and the other colleague or subordinate who receives the email is inclined to follow its instructions based on the belief that the email is legitimate.
These requests became more prevalent during 2020 due to COVID-19 because colleagues were physically further apart and communicated less frequently, reducing the likelihood of someone confirming the legitimacy of the email and the request. Quoting from the prior article, typical BEC emails might include:
- Requesting that payments -- especially wire transfers -- be rerouted to different accounts.
- Requesting advance payment for goods or services.
- Requesting access to company credentials, including computer logins, network resources, security systems, and others.
- Requesting access to company financial resources, including banks and other financial institutions.
According to the FBI’s IC3 Report, Business Email Compromise led 2020’s list of crimes with $1,866,642,107 in total losses claimed. That’s more than triple the next highest crime of $600 million for Confidence Fraud & Romance related scams. Ironically, the $1.8 Billion number is only a 5% increase from 2019, highlighting how devastating BEC crimes can be.
Phishing More Than Doubles
The FBI reports that phishing and related scams (Phishing/Vishing/Smishing/Pharming), have more than doubled in frequency in 2020, rising from 114,702 complaints in 2019 to 241,342. Ironically, even though their incidence increased, their dollar volume dropped by 6%.
But that doesn’t undermine the damage that Phishing can do to a company. Phishing emails not only are targeted towards coercing targets to make some sort of payments, but they are also often intended to steal valuable credentials and distribute malware, such as Ransomware.
In 2020, Ransomware complaints were up by more than 20% to 2,474 complaints, but increased in value from $8.9 million to $29.1 million, a 225% increase.
California Leads The List
One little detail in the FBI’s IC3 report: California led the country in the number of cybersecurity incidents, with Florida, Texas, New York and Illinois rounding out the top 5. Similarly, California led the country in the dollar value of crimes reported, with New York, Texas, Florida and Ohio trailing.
Overall, the number of reported crimes in the report rose from $4.38 billion in 2019 to $5.04 billion in 2020, a 15% increase. But the number of organizations and people harmed rose, with the total number of incidences rising from 501,119 in 2019 to 770,403 in 2020, representing a 53.7% increase.
What The Internet Crime Report Means To Your Business
Online crime is changing all the time. As fast and good as cybersecurity software and hardware providers are at detecting and upgrading their technology defending against cybercrimes, the cyber criminals are even better and faster at creating new ways to deceive humans and circumventing their defenses.
All of these crimes happen more frequently when any of the following are true about an organization:
- Inadequate cybersecurity technology and procedures are installed.
- Cybersecurity technology is not upgraded when the business changes.
- Cybersecurity systems are not patched when new upgrades are released.
- Server software, application software and office productivity applications are not patched when new upgrades are released.
- Company staff are not given Cybersecurity Awareness Training.
- When Cybersecurity Not Taken As Seriously As It Should Be.
What You Can Do To Protect Yourself
One of the difficult parts of avoiding the items on the list above is that in many companies, there is no qualified cybersecurity staff to oversee the cybersecurity effort. That’s where Digital Uppercut can help. Our Business Protection Toolkit has all of the essential tools you need to protect most companies from these threats. The Toolkit, plus our other services, can help to keep your company’s cash in your company’s bank account, and your company out of next year’s FBI’s IC3 Report. Contact us online, or call us at 818-913-1335.