An FBI center that collects cybercrime complaints said Wednesday that it received 847,376 of them last year, with estimated potential losses totaling $6.9 billion — a 64% increase from 2020.
The total number of crime reports tallied by the FBI’s Internet Crime Complaint Center (IC3) only rose 7%, a fact that only highlights the increased costliness of the attacks that the IC3 did receive complaints about. Not all victims disclose that they were struck to the FBI, a constant source of pleas from the bureau.
“In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity,” wrote Paul Abbate, deputy director of the FBI. “These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public.”
Business email compromise, a kind of attack where the criminal poses as a legitimate company official to order unauthorized money transfers, led the pack once more as the costliest crime, tallying $2.4 billion in adjusted losses, according to the IC3.
Investment schemes ($1.5 billion), romance scams ($956 million), personal data breaches ($517 million) and real estate scams ($350 million) rounded out the top five most expensive reported crimes.
There wasn’t a lot of overlap between cost of attacks and the most common kinds reported to the FBI. The top five kinds to tally the most victim reports were phishing and its variants (323,972), non-payment (82,478), personal data breach (51,829), identity theft (51,629) and extortion (39,360).
Cryptocurrency played a greater role in estimated 2021 cybercrime losses, the IC3 said, totaling $1.6 billion compared to $246 million in 2020 despite a lower number of victims from year-to-year. The Biden administration and Congress have been trying to uproot cryptocurrency’s role in illicit finance.
“Once limited to hackers, ransomware groups, and other denizens of the ‘dark web,’ cryptocurrency is becoming the preferred payment method for all types of scams — SIM swaps, tech support fraud, employment schemes, romance scams, even some auction fraud,” the report reads. “It is extremely pervasive in investment scams, where losses can reach into the hundreds of thousands of dollars per victim.”
Despite its high profile, ransomware only accounted for 3,729 complaints with losses of $49 million.
At a speech in Detroit on Tuesday, FBI Director Christopher Wray asked businesses to share more information about attacks they endure.
“If American businesses don’t report attacks and intrusions, we won’t know about most of them, which means we can’t help you recover, and we don’t know to stop the next attack, whether that’s another against you or a new attack on one of your partners,” he said, according to his prepared remarks. “We like to say that the best way to protect one business is to hear from others, and the best way to protect others is to hear from that one.”
That reporting has improved, however, Wray said, with the FBI then using the input “to develop information about who the adversary is, what they’re doing, where, why, and how, taking pains to protect the information we get from companies the same way we carefully protect our sources when we get info from our investigations, NSA, foreign partners, etc.”