American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick in the money known to be lost to scammers in 2019, the bureau said in a new report.
The FBI’s Internet Crime Complaint Center, the organization through which U.S. citizens and businesses report financial losses from hackers, said in its annual report released Wednesday that it received an average of more than 2,000 complaints per day through 2020.
The uptick in crime reporting — the bureau says it received an average of 1,200 complaints per day in 2019 — is driven largely by business email compromise (BEC), ransomware attacks and widespread technology support scams, in which fraudsters impersonate customer support representatives from tech firms or financial institutions, only to dupe victims into sending wire transfers.
BEC scams were the cause of more than 19,000 complaints in 2020, resulting in $1.8 billion in reported losses. Thieves typically compromise a legitimate email address via hacking or social engineering, then request a wire transfer from an unsuspecting victim. While the numbers from 2020 are strikingly close to the 2019 figures (23,775 complaints worth $1.7 billion), the year-over-year similarity is only the latest reminder that BEC scams remain a viable technique a generation after they emerged as a headache for corporate America.
“That’s just insane,” Crane Hassold, a former FBI analyst who is now senior director of threat research at the email security firm Agari, said in a tweet Wednesday.
The bureau has sought to intercede on victims’ behalf by creating a Recovery Asset Team, founded in 2018. The group functions as a liaison between law enforcement and financial institutions that are unwittingly making fraudulent financial transfers, the bureau said, and intervened in 1,303 incidents in 2020.
In one case involving an unnamed victim in June 2020, the FBI learned of a wire transfer of $60 million that was marked to be moved to a Hong Kong bank account. Ultimately, the financial move was blocked after the FBI alerted the legal attache of Hong Kong, the Hong Kong bank and other partners, the bureau said, resulting in the money being returned to the victim.
Ransomware victims, meanwhile, accounted for 2,747 complaints in 2020, totaling $29.1 million in adjusted losses. It’s a significant jump from the $8.9 million in reported losses in 2019. Ransomware also has continued unabated through the coronavirus pandemic, striking at least 80 medical providers through November, as CyberScoop previously reported.
The numbers, though, likely represent a mere fraction of the true losses from digital extortion, as countless small and medium-sized businesses and individuals do not report such breaches to law enforcement. The FBI spent months trying to gather more information about ransomware attacks, including information about hackers’ tendencies, malware details and victim demographics, in a series of summits with insurers and U.S. corporations.
A single ransomware attack against Universal Health Services, an American health care provider, that occurred in September 2020, resulted in estimated losses of $67 million, the organization said in a recent disclosure.
Technology support scams resulted in losses of $146 million, a 171% increase in losses from 2019. At least 66% of victims were over 60 years old, the FBI said. Such efforts are often run out of call support centers overseas, the FBI said, with help from suspects living in the U.S.
A number of defendants have been indicted for involvement in tech support scams over the past year, though robocalls motivated by fraud have only continued amid the COVID-19 pandemic.