The FBI published its "Internet Crime Report 2016" based on information received by the Internet Criminal Complaints Center (IC3). The study shows that 298,728 complaints were filed in IC3 in 2016, compared with 288,012 in 2015, and the reported cybercrime losses amount to more than $ 1.45 billion.
However, these figures are probably only part of the full picture, as the FBI estimates that only 15 % of the nation's fraud victims report the crimes to the authorities.
"The 2016 Internet Crime Report," writes Scott Smith, assistant director, the cyber division of the FBI in the report's introduction, "highlights the IC3's efforts in monitoring trending scams such as Business Email Compromise (BEC), ransomware, tech support fraud, and extortion."
The report points the most profitable hacker crimes are business email compromise (BEC), email Account compromise (EAC), ransomware, the tech support scam, and extortion.
The BEC fraud, the report notes, "began to evolve in 2013 when victims indicated the email accounts of Chief Executive Officers or Chief Financial Officers of targeted businesses were hacked or spoofed, and wire payments were requested to be sent to fraudulent locations." Since then, this type of cybercrime has not only grown but has evolved.
"In 2016, the scam evolved to include the compromise of legitimate business email accounts and requests for Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees." Last year, IC3 received 12,005 BEC/EAC complaints, with losses of more than $360 million.
Ransomware gets more public attention than BEC, but incidents and losses from ransomware attacks are smaller than BEC losses. "Recent iterations target specific organizations and their employees, making awareness and training a critical preventative measure." In 2016, IC3 received 2,673 complaints, identified as ransomware, with losses of over $ 2.4 million.
The tech support fraud is surprisingly widespread and effective. "Once the phony tech support company or representative make verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device. Once the subject has control, additional criminal activity occurs."
This cybercrime may include demanding a ransom, theft of sensitive personal information, or the installation of malicious software. Recently, through this fraud, hackers have persuaded victims to allow them access to refund an overpayment for earlier services. "With this access, the subject claims to have 'mistakenly' refunded too much money to the victim's accounts, and requests the victim wire the difference back to the subject company."
In reality, however, the hacker uses the access granted to perform the "refund" from another account belonging to the victim. The victim sees the "refund," does not recognize it as his own money, and wires the requested means to the fraudster.
In 2016, 1the IC3 received 10,850 tech support fraud complaints with losses in excess of $7.8 million. The most vulnerable to this type of cybercrime are older victims.
"Extortion is defined as an incident when a cyber criminal demands something of value from a victim by threatening physical or financial harm or the release of sensitive data." However, this category does not include the ransomware, although this crime is an obvious form of extortion. The FBI includes DoS attacks, hitman schemes, sextortion, Government impersonation schemes and loan schemes. "In 2016, the IC3 received 17,146 extortion-related complaints with adjusted losses of over $15 million."