Everyone has heard of the CIA, and even the U.K.’s MI6. But what about IC3? Or the RAT team? No, they’re not organizations that will be featured in an upcoming Marvel movie, they’re the very real divisions of the FBI, known as the Internet Crime Complaint Center and the Recovery Asset Team. Since May 2000, IC3 has been fielding reports of online scams such as phishing, extortion and ransomware attacks, and since February 2018, the RAT team has worked to freeze and recover funds involved in these attacks. IC3 has just released its 2020 Internet Crime Report, which includes these five key takeaways that show a shifting cybercrime landscape.
As with all other aspects of life in 2020, the report details ways in which the pandemic changed online fraud. To start with, complaints soared to 791,790 last year, representing a 69 percent spike over 2019. The total losses involved in these complaints exceeded $4.1 billion. IC3 noted that pandemic-specific fraud included exploits built around the CARES Act, PPP loans and Economic Injury Disaster loans, and were concentrated in the areas of grant and loan fraud and phishing for personally identifiable information (PII). Fraudsters also targeted unemployment benefits, filing fraudulent claims using false identities. The report says that some victims of this scam didn’t even know their identity had been used until they received a 1099-G from the IRS showing that they had collected unemployment insurance benefits that never hit their bank accounts.
BEC/EAC Scams Are Getting More Sophisticated
Almost everyone has gotten emails from a member of the royal family in some faraway land asking them to take delivery of a significant cash sum. Now that both consumers and spam filters are hip to this kind of email scam, fraud perpetrators have devised more legitimate-seeming cons, including “compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector and fraudulent requests for large amounts of gift cards,” according to the report.
In 2020, the IC3 says it also saw an increase in BEC/EAC (business email compromise/email account compromise), in which bad actors used personal information to open crypto accounts to transfer stolen funds.
The report points out that of all cybercrime victims last year, those over 60 were hit hardest, totaling 105,301 versus 70,791 in the 20-29 group. Even more significant is that those over 60 lost a total of $966,062,236 to scams versus just $197,420,240 in the younger group. A particularly successful scam in the older demographic was tech support fraud, in which criminals pose as tech support reps claiming that a victim’s bank account has been compromised, or act as agents for utility companies or virtual currency exchanges requesting wire transfers to overseas accounts. People over 60 comprised at least 66 percent of this victim pool and accounted for at least 84 percent of the losses, which totaled over $116 million.
Shifting Scams
The report also lays out a comparison of scam types over the past three years, showing some interesting changes. Most notably, it seems the cybercriminals are dropping the clever ruses and going straight for extortion. The number of extortion complaints nearly doubled from 2019’s 43,101 to 2020’s 76,741. The IC3 defines extortion as the “unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution or public exposure.”
Another noticeable spike was seen in the identity theft realm, with complaints climbing to 43,330 from 16,053 in 2019. Misrepresentation, in which goods or services ordered and paid for either arrive as substandard products or don’t arrive at all, quadrupled from 5,975 to 24,276, while non-payment/non-delivery climbed to 108,869 from 61,832. Non-payment scams affect companies, who ship goods or deliver services for which they are never paid, while non-delivery is the opposite – goods are paid for, but never sent.
Phishing scams also proliferated in 2020, more than doubling from 114,702 in 2019 to 241,342 in 2020.
While the report details disturbing increases in cyber scams, it also provides evidence that the Recovery Asset Team (RAT) is having a good deal of success in combating them. As one example, the report points to an incident in June 2020 when the IC3 heard from a hand-sanitizer company in Chicago that had been scammed out of $977,411 that was meant to purchase ventilators. Working with the victim’s bank, the organization was able to freeze the most recent transfer, but by that point, the previous transfer had been transferred to bitcoin.
In total, RAT handled 1,303 incidents in 2020 with total losses of $462,967,963.72 and managed to freeze $380,211,432.04, which translates to an 82 percent success rate.