The FBI's Internet Crime Complaint Center (IC3) has published its annual report (PDF) for 2020, and it revealed that cybercrime victims in the US reported a total loss of $4.2 billion for the year. That's $700 million more than the reported losses for 2019. As you'd expect by the increase in losses, there was also an uptick in the number of complaints the IC3 received. In 2020, the organization fielded 791,790 complaints — mostly of the phishing, vishing (video phishing), smishing (text phishing) and pharming varieties — much higher than the 467,361 complaints it received in 2019.
According to the report, the IC3 received 28,500 complaints related to COVID-19 last year. Bad actors attacked a number of hospitals and medical facilities, and they also targeted unemployment insurance and other avenues revolving around CARES Act stimulus funds. One of the most common schemes criminals used to dupe people was pretending to be government officials and reaching out to victims via emails, phone calls and social media to gather personal information about them or to ask them for money.
There was also a rise in Business Email Compromise scams, wherein criminals hack or spoof the emails of company executives and then request for wire payments to be sent to fraudulent locations. BEC victims reported losses of over $1.8 billion, which is a huge chunk of the $4.2 billon total.
Initial takeaways:#BEC comprised 37% of ALL losses last year. That's just insane. Given the fact that "spoofing" is likely a subset of BEC, the total loss number is close to $2.1 BILLION!— Crane Hassold 🏗 (@CraneHassold) March 17, 2021
Tech support fraud continues to be a growing problem, with losses amounting to over $146 million. The IC3 says that's 171 percent more than the losses in the category for 2019, and that most victims are over 60 years of age. Ransomware reports contributed $29.1 million to the total amount of losses, as well, which is over thrice as much as the $8.9 million reported losses in the category for 2019. The real amount victims lost to ransomware attacks last year is most likely much higher than that, though, seeing as cybercriminals took a number of hospitals' and medical providers' networks hostage in the midst of the pandemic.