FBI: Cyber-Fraud Losses Rise to Reach $1.4B

Tech-support scams took off during the year, while whaling/business email compromise was the main threat, accounting for losses of more than $675 million.

About 301,580 consumers reported cyber-fraud and malware attacks to the FBI’s Internet Crime Complaint Center (IC3) last year – with reported losses exceeding a whopping $1.4 billion.

The year’s haul of reports brings the overall total of complaints since the IC3 began recording such things to 4 million.

Top threats for the year include well-worn trends like whaling, phishing and ransomware, but also tech support fraud, confidence games involving romance themes, non-payment scams and also straightforward extortion.

Notable Stats

Whaling, a.k.a. business email compromise, made up the bulk of the complaints for the department, with 15,690 individuals affected and accounting for adjusted losses of more than $675 million. In these cases, criminals masquerade as company executives to request a change in account information for wire transfers in order to siphon off money to their own accounts, or to request for personally identifiable information or W-2 form data for employees. In 2017, the real estate sector was in particular heavily targeted, IC3 said.

Tech-support fraud, where criminals pose as a variety of different security, customer or technical support reps offering to resolve any number of (non-existent) issues, took the crown for growth. Reported incidents spiked to 10,949 complaints and claimed losses reached nearly $15 million, which represents a staggering 90 percent increase from 2016. IC3 received complaints from victims in 85 different countries.

There are of course many variations of this scam, but IC3 said that the bad actors are now changing up their tactics to use phishing emails with malicious links or fraudulent account charges to lure their victims. They’re also offering new “services,” such as income tax assistance, GPS help, printer support, cable company updates or support for virtual currency exchanges. In some variations, criminals are posing as government agents, who (oh the irony!) offer to recover losses related to tech support fraud schemes; or, they may request financial assistance with “apprehending” criminals.

Other stats of note for 2017 include the fact that the IC3 received 1,783 complaints identified as ransomware last year, with adjusted losses of over $2.3 million. It also received 14,938 extortion-related complaints, with adjusted losses of over $15 million.

When it comes to demographics, older Americans seem to be more targeted: There were 49,523 complaints from victims over the age of 60 with adjusted losses in excess of $342 million.

Fraud Gets Elaborate

The IC3 also uncovered a few “long-cons” that indicate the lengths to which fraudsters will go to scam their marks. Consider the case of an international investment scheme involving the impersonation of Branch Banking & Trust (BB&T) and JPMorgan Chase executives, the fabrication of U.S. government documents, the creation of fraudulent investment agreements in the name of the banks, and the purchase of luxury vehicles to launder the proceeds of the scheme. It resulted in losses of more than $7 million from victims in more than 20 countries.

In this case, West African operators essentially duped unwitting victims into believing they would receive millions of dollars of investment funding as part of joint ventures with BB&T or Chase. They set about spoofing bank domains and recruiting U.S. citizens to pose as bank “representatives” at in-person meetings with the victims; and fake U.S. government documents were used to convince the victims that the government was sponsoring the investment agreements. The victims were then asked to pay tens of thousands of dollars (often hundreds of thousands of dollars) to U.S.-based bank accounts on the belief that such payments were necessary to effectuate their investment agreements.

The scam was partially broken up by FBI Houston as a result of the mounting number of complaints and forensic data. Only about $200,000 of the cash has been recouped.

 

Suggested articles

Discussion

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.