The FBI Releases the IC3 2017 Internet Crime Report

On May 7, the FBI announced the release of the 2017 edition of the Internet Crime Report, published by the Internet Crime Complaint Center (IC3). This 29-page report outlines which cyber-crimes are most popular and most profitable for the perpetrators. Don’t miss the extensive list of cyber-crimes and definitions in Appendix A. Seriously, I found them kind of interesting. Anyway, these crimes led to $1.42 billion in losses last year. And these are just the losses reported to the IC3. Total losses are undoubtedly much higher.

There were some interesting new additions to the top six crimes.  The top 6 cyber-crimes by victim dollar losses are:

  • Business Email Compromise/Email Account Compromise – Usually the target of a spear-phishing campaign, top executives provide cybercriminals access to their email account, resulting in impersonation exploits, wire transfer fraud, and invoice or payment fraud.
  • Confidence Fraud Romance – The Lonely Hearts Club made its way to number two this year.  Sure, your new boyfriend or girlfriend would be happy to meet in person, if only they had the money for an airline ticket.
  • Non-Payment/Non-Delivery – New to me, so I had to look it up in Appendix A.  “In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.”  So there.
  • Investment – A financial fraud con involving a great, can’t miss, sure-fire investment that will make you independently wealthy.
  • Personal Data Breach – A special thanks to Equifax for this one, probably the largest breach of PII so far.
  • Identity Theft – This cannot be related to the above item, can it?

Our old nemesis Crypto-Ransomware drops to #24 this year.

The report also lists the Hot Topics for 2017.  These include:

  • Business Email Compromise – Unsurprisingly, the top exploit is the number one hot topic too.
  • Ransomware – Even though it has dropped down the exploit list to #24, this attack can be expensive to mitigate if your organization becomes infected.  The difference in cost between paying the ransom for the encryption key and restoring from backups seems to favor paying the ransom, because it is less expensive and faster.
  • Tech Support Fraud – This is #16 on the list of crimes by dollar losses, but I see this exploit all the time in my private practice.  The targets often are seniors and other vulnerable individuals.
  • Elder Justice Initiative – This makes sense in light of the apparent focus of not just tech support fraud, but other internet and telephone-based confidence schemes such as income tax overdue calls, as well as exploits involving events purportedly happening to children or grandchildren, such as automobile accidents and police arrests.  These scams usually involve the transfer of funds using prepaid cards such as Western Union or Green Dot cards.
  • Extortion – #15 on the list, extortion usually involves threats, including disclosure of embarrassing personal information, “denial of service attacks, hitman schemes, sextortion, government impersonation schemes, loan schemes, and high-profile data breaches.”

For more information click through the links below.  Our next post will continue to review the report contents and focus on the role of the IC3.  The IC3 collects cybercrime incident and intrusion information, and uses aggregation to identify individual bad actors responsible for multiple incidents. This helps the FBI and local law enforcement agencies build successful cases that lead to the arrest and conviction of the perpetrators, and restitution to the victims.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
