During the pandemic, cybercriminals stepped up their attacks on businesses and individuals and record numbers of complaints about cybercrime were filed with the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3). 69% more complaints were filed with IC3 than 2019, which received 791,790 complaints about cybercriminal activity such as phishing attacks, ransomware and malware, and a wide range of online scams.
The rise in complaints is unsurprising since lockdown restrictions were imposed that prevented purchases from being made in bricks and mortar stores and large numbers of people had to work from home and connect to their offices remotely. Losses to cybercrime also increased in 2020, with more than $4.2 billion in losses reported – A 20% increase from 2019.
The figures are detailed in the recently released IC3 2020 Internet Crime Report, which highlights the main ways that cybercriminals are attacking businesses and consumers. In 2020, phishing was the most commonly reported form of cybercrime, accounting for 241,342 complaints in 2020 – A substantial increase from the 114,702 complaints about phishing in 2019. $54 million was lost to phishing attacks in 2020.
Non-payment/non-delivery scams were the second most common type of cybercrime, with 108,869 complaints filed compared to 61,832 complaints in 2019. $265 million was lost to these scams in 2020. There was also a significant increase in extortion in 2020, increasing from 43,101 complaints in 2019 to 76,741 in 2020, with annual losses of $70 million reported. There was also a significant rise in reported ransomware attacks in 2020. IC3 received complaints about 2,474 attacks that resulted in losses of 29.1 million.
Relatively few business email compromise (BEC) incidents were reported (19,369) but these attacks were the costliest. More than $1.8 billion was lost to BEC attacks in 2020, with confidence fraud/romance scams ($600 million) and investment fraud ($336 million) the second and third biggest causes of losses in 2020.
In 2020, cybercriminals took advantage of the pandemic and switched to COVID-19 themes for their scams. IC3 received more than 28,500 complaints about scams with COVID-19 themes, including many phishing scams that sought credentials for use in identity theft and to obtain financial support through various Coronavirus Aid, Relief and Economic Security Act (CARES Act) schemes.
Tech support scams have increased during the pandemic. IC3 received 14,421 reports of these scams, the majority of which (66%) came from the over 60s who had been defrauded after being convinced to provide money for technical support and security assistance to resolve fictitious issues. Many of these scams are conducted from call centers in India. Once call center was discovered to have defrauded around 15,000 victims out of $7 million, while another took $50,000 of 130 victims.
There were some major successes in 2020 for the IC3 Recovery Asset Team (RAT). RAT was set up in 2018 to make it easier for the FBI to work with financial institutions and block fraudulent payments to domestic accounts. RAT dealt with 1,303 incidents involving losses of nearly $463 million and managed to block $380 million in payments, with a success rate of 82%.