The crime may be virtual, but the losses are not.
Internet crimes such as business wire fraud, ransomware, tech support scams and extortion led to more than $1.3 billion in losses in 2016, according to the FBI.
The bureau’s Internet Crime Complaint Center, or IC3, released its annual report Thursday and last year alone it handled 298,728 complaints—though it estimates only 15 percent of internet crime gets reported.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Here are a few of the noteworthy trends:
1. Targeting businesses that handle frequent wire transfers is profitable.
Criminals find businesses that work with foreign suppliers or frequently transfer money through transfers, and then use social engineering or network intrusion to make unauthorized transfers to themselves. The IC3 report calls these crimes “business email compromise,” and they’re evolving. The report notes in recent years criminals posed as CEOs, colleagues in contact lists and lawyers with time-sensitive payment needs. The 2016 version often compromised legitimate business email accounts and requested wage or tax statement for employees.
In 2016, IC3 said these attacks resulted in the loss of $360 million.
2. Increase awareness to prevent ransomware.
Last year, IC3 handled 2,673 complaints about ransomware, malware that locks down data on a computer or system and then demands payment—and related losses of more than $2.4 million.
The primary way the malware gets in is through employees who have been phished or when they use a remote desktop protocol, which allows computers to connect to each other across a network. Training employees is a “critical preventative measure,” the report said.
3. Tech support scams are global, but mostly target U.S. citizens.
Older victims are most vulnerable to tech support fraud, which is when criminals claim to work for a software, security or internet company to offer help, the ICS report said.
Methods vary: They could cold call a victim, run pop-ups, have search-optimized ads or squat on a URL with similar but misspelled version of a reputable company. Once scammers make contact with a victim, they try to get remote access to their devices to possibly hold it hostage for ransom, access files to find other personal data like credentials to bank accounts or intentionally install malware.
In 2016, 10,850 complaints lead to $7.8 million in losses.
4. Extortionists like cryptocurrency.
Extortion isn’t new, but the internet enables new techniques like releasing sensitive data or collecting virtual currency instead of unmarked, nonsequential bills. Using cryptocurrency like bitcoin allows criminals to keep their anonymity intact, the IC3 report noted.