In 2020, we had more to fear than we thought
2020 was filled with horrifying and still-lingering statistics. Not only did the sobering death tallies stagger the mind, but the lasting effects on those who are still suffering have resulted in the emergence of what are known as “long-haul” clinics. One would think that with such global turmoil, criminal activity would diminish a bit. Sadly, according to the 2020 Internet Crime Report issued by the FBI, the statistics are quite the opposite.
The report indicates that while everyone was working remotely, cybercriminals took advantage of the opportunities, causing the largest number of internet crimes ever recorded. Criminal internet activity rose by 69% compared to 2019, with losses exceeding 4.1 billion dollars. It is important to remember that these statistics reflect the cases that were reported to the FBI. One can only wonder what the residual numbers of unreported cases would reveal.
Increases in 4 out of 5 categories
The report categorizes 33 attack types, of which the top five are: phishing (and its related attack styles of smishing, vishing, and pharming), non-payment or non-delivery scams, extortion, personal data breach, and identity theft. It is also important to note that one complaint may contain more than one crime type. Four of the five categories showed a more than 10% increase from the previous year. The only crime that was lower was “personal data breach”, which makes sense when compared to the most prevalent attack vector, phishing.
Phishing incidents doubled from 2018 and were 100 times higher than all previous years starting in 2016. It makes sense that, since so many people were working remotely, they all became highly susceptible to many phishing scams.
The Internet Crime Complaint Center (also known as IC3) makes it very easy for a person to report a cybercrime. In the case of fraudulent asset transfers, the Recovery Asset Team (RAT) successfully froze the accounts of the cybercriminals, returning the stolen funds to 82% of the 1,303 people who filed a complaint. This is an impressive number. In one particular case, a health care victim sent five wire transfers that totaled more than $2 million. The RAT Squad was able to collaborate with the financial institution where the transfers occurred, and successfully placed holds on the funds to allow the victim time for the indemnification process to proceed. Further to that, the information gained through that collaborative effort led to another investigation that targeted the accounts of the money “mules”, potentially saving other victims.
When it came to the biggest money-makers for cybercriminals, Business Email Compromise was the greatest revenue generator. This resulted in a staggering $1.8 billion windfall for the criminals. This is shocking, mostly because most organizations have security awareness training as part of the normal course of business. One interesting finding in the report is that investment scams cost victims a total of $369 million. It will be fascinating to see how this metric changes in the 2021 report in light of the GameStop/Reddit rally of early 2021. If opportunistic cybercriminals are undeterred by a global pandemic, it is safe to assume that some stock trading fraud is not beyond the ethical bounds of such an organization.
Opportunity to increase reporting
Given the success of the IC3 Teams and the ease of reporting, one can only wonder why any victim, particularly a business, would hesitate to report a cybercrime. One reason, of course, is that the IC3 is not very active on the advertising spectrum. Can you recall ever seeing a promotional piece for what to do if you are the victim of a crime? As an informal challenge, ask your friends, family, and colleagues if they know about the IC3. Many victims might call their local law enforcement agency, but the local police are usually ill-equipped to handle internet crime. As we have seen in the past, sometimes they are victimized as well. One could posit that the FBI and the IC3 need to elevate their visibility in the mind of the public.
It is awful to think of all that we have suffered in 2020. That becomes compounded by the fact that, even while sequestered in our homes in an effort to keep our colleagues safe, our businesses saw an increase in attacks. One way to help secure a business is by using the services of a company with experience and expertise. ITEGRITI offers a full range of services to keep your organization safe and prepared, including attack surface reduction, business continuity planning and testing, crisis communications, cyber and physical security convergence, incident response and recovery, and all other services to help your business avoid the perils of our hyper-connected world.
To get started, take our free Cyber Risk Assessment. This tool can help you see where you stand. You can also contact us to learn how we can help you achieve your security goals.