The statistics gathered by the FBI’s Internet Crime Complaint Center (IC3) for 2018 show Internet-enabled theft, fraud, and exploitation remain pervasive and were responsible for a staggering $2.7 billion in financial losses in 2018.
In its annual Internet Crime Report, the FBI reports the IC3 received 351,936 complaints in 2018 — an average of more than 900 every day. The most frequently reported complaints were for non-payment/non-delivery scams, extortion, and personal data breaches. The most financially costly complaints involved business email compromise (BEC), romance or confidence fraud, and investment scams, which can include Ponzi and pyramid schemes.
The report specifically noted that the IC3 received 20,373 BEC/email account compromise (EAC) complaints with adjusted losses of more than $1.2 billion.
“BEC and EAC are constantly evolving as scammers become more sophisticated,” the report stated. “In 2013, BEC/EAC scams routinely began with the hacking or spoofing of the email accounts of chief executive officers or chief financial officers, and fraudulent emails were sent requesting wire payments be sent to fraudulent locations. Through the years, the scam has seen personal emails compromised, vendor emails compromised, spoofed lawyer email accounts, requests for W-2 information, and the targeting of the real estate sector.
“In 2018, the IC3 received an increase in the number of BEC/EAC complaints requesting victims purchase gift cards. The victims received a spoofed email, a spoofed phone call or a spoofed text from a person in authority requesting the victim purchase multiple gift cards for either personal or business reasons.”
Reports came in from every U.S. state and territory and involved victims of every age. There was a concentration of victims and financial losses, however, among individuals over the age of 50.
“The 2018 report shows how prevalent these crimes are,” said Donna Gregory, chief of the IC3. “It also shows that the financial toll is substantial and a victim can be anyone who uses a connected device. Awareness is one powerful tool in efforts to combat and prevent these crimes. Reporting is another. The more information that comes into the IC3, the better law enforcement is able to respond.”
The bright spots reported by the IC3 include the establishment in February 2018 of the Recovery Asset Team (RAT) and its success in recovering funds lost in business email compromise scams. These sophisticated scams involve perpetrators infiltrating businesses’ email accounts and requesting fraudulent wire transfers or gift card purchases. The report noted that the RAT “works within the Domestic Financial Fraud Kill Chain (DFFKC) to recover fraudulent funds wired by victims. The DFFKC is a partnership between law enforcement and financial entities.”
The Recovery Asset Team has helped streamline communication with financial institutions and assist FBI field offices in the recovery of funds for businesses that report a fraudulent domestic transfer. The team was able to successfully recover more than $192 million in funds — a recovery rate of 75 percent.
One recovery success came in Colorado, where a victim wired $56,179.27 for a home purchase to a thief after receiving a spoofed email request from the lending agent. The Recovery Asset Team worked with the Denver Field Office and the victim’s bank to freeze the funds transfer and return $54,000 of the stolen money.
The report also noted that in February 2018, “the IC3 RAT received a complaint filed by a BEC victim located in New York, who, after receiving a compromised email from their closing agent during a real estate transaction, initiated a wire transfer of $50,000 to a fraudulent bank account located in New York. The IC3 RAT contacted the bank’s fraud department to identify the bank’s procedures for fraudulent wire transfer notification. The bank then worked with the IC3 and the victim to recover the funds. In April 2018, the bank reported to the IC3 that the victim would receive a full recovery of the funds.”
To improve the chances of a successful recovery, it is imperative that victims contact their bank immediately upon discovering a fraudulent transaction as well as report the crime to the IC3.
The large number of complaints captured by the IC3 in 2018 also helped improve the data available to all law enforcement entities as they search for connections among cases and look for trends and patterns in crimes and victims. In addition, the IC3’s Operation Wellspring Initiative helps build the cyberinvestigative capability and capacity of state and local law enforcement by linking them to the FBI’s field offices for support on identifying and responding to malicious cyberactivity.
In 2018, the IC3 also worked with the FBI’s Victim Services Division to add staff to help better serve the victims of cyber-enabled crime. The victim specialist-Internet crimes position helps provide crisis intervention services, assess victim needs, and refer victims to additional resources.
The report stated: “The VSIC contact victims of Internet crimes, provide crisis intervention, conduct needs assessments, and refer victims to resources and referrals when appropriate. This new position is designed to ensure timely support and services are provided to victims to prevent further victimization and to engage the recovery process as quickly as possible. These positions also lead to a greater coordination of services with the victim’s local field office victim specialist.”