On May 7, the FBI announced the release of the 2017 edition of the Internet Crime Report, published by the Internet Crime Complaint Center (IC3). This 29-page report outlines which cyber-crimes are most popular and most profitable for the perpetrators. Don’t miss the extensive list of cyber-crimes and definitions in Appendix A. Seriously, I found them kind of interesting. Anyway, these crimes led to $1.42 billion in losses last year. And these are just the losses reported to the IC3. Total losses are undoubtedly much higher.
There were some interesting new additions to the top six crimes. The top 6 cyber-crimes by victim dollar losses are:
- Business Email Compromise/Email Account Compromise – Usually the target of a spear-phishing campaign, top executives provide cybercriminals access to their email account, resulting in impersonation exploits, wire transfer fraud, and invoice or payment fraud.
- Confidence Fraud Romance – The Lonely Hearts Club made its way to number two this year. Sure, your new boyfriend or girlfriend would be happy to meet in person, if only they had the money for an airline ticket.
- Non-Payment/Non-Delivery – New to me, so I had to look it up in Appendix A. “In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.” So there.
- Investment – A financial fraud con involving a great, can’t miss, sure-fire investment that will make you independently wealthy.
- Personal Data Breach – A special thanks to Equifax for this one, probably the largest breach of PII so far.
- Identity Theft – This cannot be related to the above item, can it?
Our old nemesis Crypto-Ransomware drops to #24 this year.
The report lists the Hot Topics for 2017, also. These include:
- Business Email Compromise – Unsurprisingly, the top exploit is the number one hot topic too.
- Ransomware – Even though it has dropped down the exploit list to #24, this attack can be expensive to mitigate if your organization becomes infected. The difference in cost between paying the ransom for the encryption key and restoring from backups seems to favor paying the ransom, because it is less expensive and faster.
- Tech Support Fraud – This is #16 on the list of crimes by dollar losses, but I see this exploit all the time in my private practice. The targets often are seniors and other vulnerable individuals.
- Elder Justice Initiative – This makes sense in light of the apparent focus on not just tech support fraud, but other internet and telephone based confidence schemes such as income tax overdue calls. It also covers exploits involving events purportedly happening to children or grandchildren, such as automobile accidents and police arrests. These scams usually involve the transfer of funds using prepaid cards such as Western Union or Green Dot cards.
- Extortion – #15 on the list, extortion usually involves threats, including disclosure of embarrassing personal information, “denial of service attacks, hitman schemes, sextortion, government impersonation schemes, loan schemes, and high-profile data breaches.”
For more information, click through the links below. Our next post will continue to review the report contents and focus on the role of the IC3. The IC3 collects cybercrime incident and intrusion information, and uses aggregation to identify individual bad actors responsible for multiple incidents. This helps the FBI and local law enforcement agencies build successful cases that lead to the arrest and conviction of the perpetrators, and restitution to the victims.