The FBI Releases the IC3 2017 Internet Crime Report

On May 7, the FBI announced the release of the 2017 edition of the Internet Crime Report, published by the Internet Crime Complaint Center (IC3).  This 29-page report outlines which cyber-crimes are most popular and most profitable for the perpetrators.  Don’t miss the extensive list of cyber-crimes and definitions in Appendix A.  Seriously, I found them kind of interesting.  Anyway, these crimes led to $1.42 billion in losses last year.  And these are just the losses reported to the IC3.  Total losses are undoubtedly much higher.

There were some interesting new additions to the top six crimes.  The top 6 cyber-crimes by victim dollar losses are:

  • Business Email Compromise/Email Account Compromise – Usually the target of a spear-phishing campaign, top executives provide cybercriminals access to their email account, resulting in impersonation exploits, wire transfer fraud, and invoice or payment fraud.
  • Confidence Fraud Romance – The Lonely Hearts Club made its way to number two this year.  Sure, your new boyfriend or girlfriend would be happy to meet in person, if only they had the money for an airline ticket.
  • Non-Payment/Non-Delivery – New to me, so I had to look it up in Appendix A.  “In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.”  So there.
  • Investment – A financial fraud con involving a great, can’t miss, sure-fire investment that will make you independently wealthy.
  • Personal Data Breach – A special thanks to Equifax for this one, probably the largest breach of PII so far.
  • Identity Theft – This cannot be related to the above item, can it?

Our old nemesis Crypto-Ransomware drops to #24 this year.

The report lists the Hot Topics for 2017, also.  These include:

  • Business Email Compromise – Unsurprisingly, the top exploit is the number one hot topic too.
  • Ransomware – Even though it has dropped down the exploit list to #24, this attack can be expensive to mitigate if your organization becomes infected.  The difference in cost between paying the ransom for the encryption key and restoring from backups seems to favor paying the ransom, because it is less expensive and faster.
  • Tech Support Fraud – This is #16 on the list of crimes by dollar losses, but I see this exploit all the time in my private practice.  The targets often are seniors and other vulnerable individuals.
  • Elder Justice Initiative – This makes sense in light of the apparent focus of not just tech support fraud, but other internet and telephone-based confidence schemes such as income tax overdue calls, as well as exploits involving events purportedly happening to children or grandchildren, such as automobile accidents and police arrests.  These scams usually involve the transfer of funds using prepaid cards such as Western Union or Green Dot cards.
  • Extortion – #15 on the list, usually extortion involves threats including disclosure of embarrassing personal information, “denial of service attacks, hitman schemes, sextortion, government impersonation schemes, loan schemes, and high-profile data breaches.”

For more information click through the links below.  Our next post will continue to review the report contents and focus on the role of the IC3.  The IC3 collects cybercrime incident and intrusion information, and uses aggregation to identify individual bad actors responsible for multiple incidents. This helps the FBI and local law enforcement agencies build successful cases that lead to the arrest and conviction of the perpetrators, and restitution to the victims.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
