For years I have been encouraging people to report their instances of Cybercrime to the FBIs Internet Crime & Complaint Center, IC3.gov. Based on the number of reports, people are finally doing just that. The growth in reporting over the last two years is remarkable driven in part by the desperation people are facing regarding two major cybercrime trends: Ransomware and Business Email Compromise. State and local authorities seem powerless to do anything about either of these, so finally they are encouraging (and in many cases helping) to get these crimes reported to the IC3, where we can use pattern matching to identify trends that reveal top criminals.
Comparing 2015 to 2019, cybercrime reports are up 61% with 467,361 complaints received just in calendar 2019. An average of 1280 complaints per day! But while the NUMBER of complaints has gone up by 61%, the dollars lost in those complaints has more than tripled! While Ransomware is certainly an important topic, the key difference in the financial impact has been Business Email Compromise. During calendar 2019, BEC complaints only accounted for 5% of the complaint volume (23,775 out of 467,361) that 5% of complaints accounted for 48.5% of all financial losses experienced by the victims ($1.7 Billion of 3.5 Billion!)
The good news on the BEC front is that the FBI has a stream-lined internationally successful process for recovering funds. Started in February 2018, the FBIs Recovery Asset Team has been getting better and better at their process. In Calendar 2019, the RAT was invoked on 1,307 cases, and were successful at recovering funds 79% of the time. Out of $384,237,651 stolen, they recovered $304,930,696! That is an amazing improvement over times past!
While Phishing, a crime that Ive been personally invested in chasing for at least 15 years, remains the most commonly experienced crime, with 114,702 cases reported to the ic3.gov in 2019, from a financial perspective, it just isnt even close to BEC and Romance Scams, the two categories we also called out as most important in our review of the 2018 IC3.gov Report. (See our blog post:IC3.gov: BEC Compromises and Romance Fraud 2018from last April.)
By victim count, BEC came in as the #6 category, while Romance Scams came in at #7.But by dollars lost, BEC is clearly #1 and Romance Scams are clearly #2.
While these losses seem staggering, please remember that these are ONLY THE REPORTED losses. Especially in the area of Romance Scams, we believe the number is dramatically under-reported. Often this is because the victim is an elderly person who either hides their victimization because they are embarrassed by the loss, or perhaps never realizes that theyve been scammed, especially in the case of a person who may be experiencing mental decline, but has no caretaker.
The Financial Crimes Enforcement Network, FinCEN, used a far different approach to trying to identify the scale of BEC attacks, as we reported last year in our blog article:FinCEN: BEC far worse than previously believed. FinCEN performed analysis on the Suspicious Activity Reports that are required of financial institutions in the United States and looked for tell-tale signs that the activity may have been a Business Email Compromise instance, whether reported to IC3 or not. Based on FinCENs numbers, we estimated the amount of money stolen by BEC criminals to be $8.7 Million per day JUST IN THE United States!
Our friends at Agari, (Hi John! Hi Crane! Hi Ronnie! Hi Patrick!), do a great deal of work in the BEC space, including running the Business Email Compromise Working Group. Ronnie shared some stats in his blog last fall about how long it would take BEC crime to surpass each of several other crime types. I encourage the interested reader to check it out here: Business Email Compromise (BEC): Putting $26 Billion in Known Losses into Context.
The 2019 Annual IC3.gov report also has a break-down of state losses. As we did last year (see:http://garwarner.blogspot.com/2019/04/ic3gov-bec-compromises-and-romance.html) , weve tried to normalize these numbers by allowing you to compare the number of BEC victims and losses per state, but also expressing those as an average loss per victim and the number of victims per 100,000 population in that state.
To allow the reader to easily see if their state number of victims or their average victims per loss is far above or below the average, well share that information here.
The national average was $71,569 loss per BEC victim.The average state had 6.8 victims per 100,000 population.
So, for example, my state, Alabama, has far less than the average loss, and also fewer victims per 100,000 than the national average.
The ten states (or territories) with the highest average BEC loss per victim were:
And the states (or territories) with the highest rate of victimization per 100,000 population were:
Here is the BEC data for each state from IC3.gov (plus the population and average that we calculated here:) click for BEC Data by State in a sortable Excel spreadsheet
For Confidence/Romance Scamsthe national average loss was $25,911 per victim.the average number of victims per 100,000 population was 4.9.
In my state, we were about normal for victimization rate, with a slightly lower 4.1 victims per 100,000. We were also slightly below the national average loss per victim, with $21,166 lost per victim or Romance Scams.
The ten states that the highest average losses per victim for Romance Scams were:
While the states with the highest number of romance scam victims per 100,000 population were:
Read more:
IC3.gov 2019 Internet Crime Report: Its All About that BEC - Security Boulevard
Read More..