The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and in the accompanying 2020 State Reports.
The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud. Notably, 2020 saw the emergence of scams exploiting the COVID-19 pandemic. The IC3 received over 28,500 complaints related to COVID-19, with fraudsters targeting both businesses and individuals.
In addition to statistics, the IC3’s 2020 Internet Crime Report contains information about the most prevalent internet scams affecting the public and offers guidance for prevention and protection. It also highlights the FBI’s work combating internet crime, including recent case examples. Finally, the 2020 Internet Crime Report explains the IC3, its mission, and functions.
The IC3 gives the public a reliable and convenient mechanism to report suspected internet crime to the FBI. The FBI analyzes and shares information from submitted complaints for investigative and intelligence purposes, for law enforcement, and for public awareness.
With the release of the 2020 Internet Crime Report, the FBI wants to remind the public to immediately report suspected criminal internet activity to the IC3 at ic3.gov. By reporting internet crime, victims are not only alerting law enforcement to the activity, but aiding in the overall fight against cybercrime.
According to Vanessa Pegueros, Chief Trust and Security Officer, OneLogin, “Cybercriminals are masterful when it comes to playing on human emotions. They take advantage of human loneliness, fears around health, and the desperate hopes of quick economic gain. Computers don’t have emotions and are the vehicles by which cybercriminals monetize these human emotions. We need to continue to implement security controls on computers because we will not change our humanness.”
Jerome Becquart, Chief Operating Officer, Axiad, explains, “Email phishing remains a growing issue because an organization’s greatest vulnerability is its users. Despite all the efforts businesses make to educate users to identify phishing emails, and the implementation of increasingly smarter email filtering solutions, hackers still find new ways to trick users and get through the system. Most email scams are masquerading as a known email source or colleague within the same organization, which makes the recipient more likely to share sensitive information. Digital Signature of emails should be more widely used to prevent this, as they enable the email recipient to confirm that the sender is authentic and legitimate. In our experience at Axiad, implementation of Digital Signature for e-mails significantly decreased the risk of email phishing, as we know that if an email for a co-worker doesn’t have their digital signature, it is a phishing scam.”
Becquart adds, “The problem with user credentials being compromised is not a new issue – passwords are not secure and are an easy target for scammers and hackers, which is one of the reasons credential issues make up over 80% of data breaches. The good news is that we see a lot of organizations moving to a passwordless approach using technologies such as FIDO2 and PKI. These technologies are widely available and supported by all the major players, from Microsoft to Google and AWS. These approaches result not only in better security but also better user experience, as passwords are painful to remember, need to be changed frequently, etc. However, it’s important for businesses to deploy passwordless solutions for their various business use cases, as FIDO2 or PKI don’t protect all of your users and devices on their own. By implementing multiple credential solutions, you can protect every identity on your network. “