The 2021 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3) shows there was a 64% increase in losses to cybercrime in 2021, rising from $4.2 billion in reported losses in 2020 to $6.9 billion in 2021.
2021 broke the previous record in submitted complaints, with IC3 receiving 847,376 complaints from victims of cybercrime – a 7% increase from 2020. 2021 saw increases in significant rises in phishing, ransomware, business email compromise, and investment fraud scams, with phishing attacks the most commonly reported type of cybercrime. IC3 received complaints from more than 323,000 victims of phishing, vishing, smashing, and pharming attacks in 2021 – a 34% increase from 2020.
Nonpayment/non-delivery crimes were the second most prevalent type of cybercrime, with 82,478 victims submitting complaints, followed by personal data breaches with 51,829 complaints submitted. Business Email Compromise (BEC) attacks increased, as did confidence fraud/romance scams, and there was a 50% increase in ransomware attacks.
As has been the case for several years, the biggest cause of losses to cybercrime came from BEC attacks. There was a 3% increase in BEC attacks year-over-year, but losses to BEC attacks increased by 28% to almost $2.4 billion. BEC attacks have increased in sophistication. In addition to compromising email accounts to request fraudulent wire transfers, BEC gangs have turned to video conferencing and communications platforms to trick individuals into making payments.
There have been many cases where the email account of a finance executive has been compromised and used to get employees to join Zoom meetings where they are asked to make bank transfers. “In those meetings, the fraudster would insert a still picture of the CEO with no audio, or a “deep fake” audio through which fraudsters, acting as business executives, would then claim their audio/video was not working properly,” said IC3.
2021 saw a massive increase in investment fraud, which replaced confidence fraud/romance scams as the second biggest cause of losses to cybercrime. $1.46 billion was lost to investment scams in 2021, an increase of 332.7% from 2020. Many of these scams involved tricking people into fake investments in cryptocurrencies. There was also a 59% increase in losses to confidence fraud/romance scams, which rose to $956,039,739.
Ransomware continued to cause problems for businesses in virtually all industry sectors, and there was a major increase in ransomware attacks on critical infrastructure organizations. IC3 said 14 of the 16 critical infrastructure sectors had suffered at least one ransomware attack in 2021, with healthcare and public health the most attacked sector. IC3 only started tracking ransomware attacks on critical infrastructure organizations in June 2021. In the remaining 7 months of the year, there were 649 known attacks on critical infrastructure organizations, including 148 on the healthcare and public health sector.
The Conti ransomware gang was the most prolific with 87 attacks on critical infrastructure organizations, followed by LockBit, REvil/Sodinokibi. IC3 expects ransomware attacks on critical infrastructure organizations to increase in 2022.