$4 billion were stolen due to cybercrime in 2020” – That’s what the new FBI’s report found.

The “2020 Internet Crime Report” has also found that the Internet Crime Complaint Center (IC3) saw an increase of 69% more reports, from what it was reported back in 2019. 

The top three crimes reported by victims during this year were:

  1. Phishing Scams
  2. Non-payment/Non-delivery scams
  3. Extortion

 

Most victims lost their money through business email compromise (BEC) scams, as well as investment fraud, which it is unsurprising on a year emerged in global chaos, disruption, and fear, criminal’s tools-of-trade.

For that reason, the IC3 received more than 28,500 notifications of COVID-19-related threats, where both business owners and individuals were targeted without discrimination.

Government-impersonating was another noticeable trend in 2020, where hackers interacted with the public through social media and social engineering methods while pretending to be government officials to steal money and valuable personal information. 

 

What is the Internet Crime Complaint Center (IC3)?

This team was formed to provide a reliable mechanism of suspected internet crime reports.

The FBI gets related information from this trustable source, for later analysis and submission for investigation and other intelligence purposes. So far, its goal has been improving law enforcement and raising public awareness of cybercrime topics.

 

What Do Experts Comment About FBI’s 2020 Cybercrime Report?

Here’s what other cybersecurity experts think about this report’s finding: 

 

“Most phishing scams are based on reaching a need, a desire, a fear, and manipulating this. The sophistication of phishing in general has grown significantly. No longer can the ‘Nigerian princes’ be recognized by their poor-quality emails or content, we have seen phishing in perfect English, Swedish and Dutch whichever language their target speaks.     

On a technical level, BEC scams have evolved as well, the used infrastructure is no longer a simple burner Gmail or Hotmail address, but rather a complex net of compromised hosts, email accounts, and dedicated infrastructure per target. They will buy domains that are similar to their target, with minor spelling mistakes and pinpoint their targets within the organization. 

We are witnessing an evolution, where targeted attacks are becoming a commodity trade for phishers. Many organizations are missing the fact that what for them is perceived as a “highly targeted phishing attack” is for these scammers just a newly registered domain, scraped LinkedIn profile and a made-up story. Unsurprising then that the figures revealed in this report are so high and COVID-19 certainly hasn’t helped matters. 

Always prepare for a cyber-attack to hit your organization before it actually hurts your financial situation or your reputation. These criminal scammers have nothing to lose, and everything to gain.”

 

 

 

  • Security Intelligence Engineer (Lookout), Justin Albrecht:

As the FBI’s report notes, 2020 showed a massive increase in phishing, smishing (SMS phishing), and vishing (voice phishing). All three of these phishing categories are more successful when the threat actor targets individuals through smartphones and tablets. Lookout data shows that almost one-third of mobile users globally were exposed to a phishing attack in 2020. Of those encounters, Lookout also observed that 85% of mobile phishing attacks intended to deliver mobile malware such as spyware, banking trojans, surveillanceware, or stalkerware to the target’s smartphone or tablet.

The report notes that business email compromise scams, romance and confidence schemes, and investment fraud were all leading financial loss attacks. Each of these attacks can be effectively carried out through mobile devices in email, SMS, and dating apps.

One of the most effective ways that attackers commence a BEC attack is through mobile phishing. Smartphones and tablets don’t have the same security tools and protections as traditional endpoints like desktops and laptops. Being phished through social media or SMS on the same device you use for work could compromise your work data just as much as your personal data.

Much phishing-related mobile malware spread through SMS or other messaging platforms, spamming the contact lists of infected devices. This results in widely spread campaigns that are more likely to succeed as the source of the phishing link is an acquaintance or friend.

 

 

 

  • VP of Payment Solutions & Strategy (Feedzai), Andy Renshaw:

“The FBI’s findings are consistent with the mass-migration to online banking that happened as a result of branches closing during national lockdowns. In fact, Feedzai’s own data corroborates this, finding that nearly 1 in 10 people have experienced online banking or payment card fraud. Indeed the study showed online banking experienced a 250% increase in attempted fraud in 2020.”

“Consumers are recommended to research retailers before making a purchase to avoid the non-payment/non-delivery type scams, and to pay with a credit card rather than a debit one. Enabling two-factor authentication wherever possible adds a layer of protection, and making sure to choose complex, unique password for each account can go a long way to prevent fraud.”

 

Are you scared of being the next business owner affected by cybercrime?

Truth is, the FBI might not save your assets… But we will.

Let’s find out if you have any bottlenecks on your digital security infrastructure, shall we?