In May 2018, the Internet Crime Complaint Center (IC3) released its “2017 Internet Crime Report”. The IC3, which is part of the US Federal Bureau of Investigation (FBI), was established to gather complaints from victims of Internet crime. In 2017, an average of 826 complaints were received each day from victims.
The complaints reveal that both businesses and individuals have been the victims of more than 30 types of cybercrimes, including data breaches, espionage, phishing scams, payment fraud, counterfeit goods, and nondelivery of goods. They reported losing a total of $1.42 billion (USD). Here are the five most costly IT-related cybercrimes reported by victims:
1. Business Email Compromise Scams ($675 million)
The victims of business email compromise (BEC) scams lost the most money in 2017. In this type of scam, cybercriminals pose as executives, supplier representatives, lawyers, and other business professionals to con companies out of money. The scammers use well-crafted emails, which are specific to the companies being attacked, to convince the recipients of the emails’ legitimacy.
Although BEC scams use low-tech emails to steal money, they are highly effective. The 15,690 BEC scam victims lost more than $675 million.
2. Corporate Data Breaches ($61 million)
Data breaches set companies back $60,942,306 in 2017. In all, 3,785 businesses reported a corporate data breach, which means the average loss per company was more than $16,000.
These figures do not include the victims of personal data breaches. The 30,904 victims reporting this type of breach lost $77,134,865, which means the average loss per victim was nearly $2,500.
Combining the data from the two types of data breaches reveals that cybercriminals earned $138 million by stealing data. (If you are curious about how the IC3 differentiates the two categories of data breaches, see the “Corporate Data Breach” and “Personal Data Breach” entries in Appendix A of the “2017 Internet Crime Report”.)
3. Phishing Scams ($30 million)
In a phishing scam, a cybercriminal masquerades as a reputable person or a legitimate organization in order to obtain sensitive information, such as login credentials or financial account numbers. The cybercriminal then uses this information to steal money or data. Alternatively, the person might sell the information to other cybercriminals.
Although cybercriminals usually carry out phishing attacks via email, other communication channels can be used. For example, sometimes they use text messages (which is referred to as smishing) and phone calls (which is known as vishing).
Not surprisingly, phishing scams were both common and costly. The 25,000+ people who reported phishing scams in 2017 lost nearly $30 million.
4. Tech Support Scams ($15 million)
In tech support scams, cybercriminals pretend to be tech support staff, usually from well-known software or security companies. These scammers typically call their victims. However, some have started sending emails.
Tech support scams vary, but cybercriminals often try to convince a target that there is a serious problem on his or her electronic device, which they can fix — for a fee. The bottom line is that tech support scammers con people into paying for unnecessary tech support services and software.
In 2017, close to 11,000 people reported falling for a tech support scam. The scammers walked away with nearly $15 million.
5. Malware ($7 million)
There are many different types of malware that can infect computing devices and networks, including ransomware, scareware, and viruses. The 4,872 victims who reported malware infections lost around $7 million. Nearly a third of this money ($2.3 million) was paid to cybercriminals who held the victims’ data for ransom.