Suspected internet crime complaints increased by 69% in 2020 compared to 2019 in the US, according to figures released in the FBI’s 2020 Internet Crime Report.
Total complaints reached 791,790 last year, representing a rise of more than 300,000 compared to 2019. This resulted in total recorded losses of more than $4.1bn to victims, as cyber-criminals took advantage of the shift to online services as a result of COVID-19 lockdown restrictions.
The report from the Internet Crime Complaint Center (IC3) found that business email compromise was the costliest scam technique employed.
The three most prominent forms of internet crime reported were phishing, which surged from 114,702 complaints in 2019 to 241,342 in 2020. This resulted in adjusted losses for victims of over $54m. This was followed by non-payment/non-delivery scams, growing from 61,832 in 2019 to 108,869, resulting in losses of more than $265m. Extortion was the third most complained about internet crime last year, rising from 43,101 victims in 2019 to 76,741 in 2020. Total losses from extortion were recorded as close to $70m.
The IC3 also observed a sharp rise in ransomware incidents last year, with 2474 complaints resulting in adjusted losses of more than $29.1m. The most common means of infection were email phishing campaigns and remote desktop protocol (RDP) vulnerabilities.
Additionally, the study emphasized the extent to which fraudsters leveraged the COVID-19 crisis, with the IC3 receiving over 28,500 complaints related to pandemic. These included the targeting of a number of government financial relief schemes, such as the Coronavirus Aid, Relief and Economic Security Act (CARES Act).
Commenting on the findings, Ilia Kolochenko, CEO, founder and chief architect at ImmuniWeb, said: “The most popular incidents mentioned in the report involve human error, spanning from trivial consumer fraud and phishing to more sophisticated BEC hacking and ransomware campaigns. In 2020, attackers were aggressively exploiting pandemic-related topics, a trend that will likely persist this year. Unsurprisingly, most of the self-reported victims are over 60 years old – they may lack cybersecurity training and are susceptible to manipulation.”