2020...what a year. It's one that many of us will ever truly forget. Pandemics, politics, death, and destruction, 2020 brought it all. One of the things that 2020 brought us that's often lost in the shuffle, is a pretty drastic increase in cybercrime. It's not to say cybersecurity wasn't important during 2020, it's just...there was so much else going on.
If you read the blog, you've seen Security7's coverage regarding at least SOME of 2020s top cybersecurity-related incidents. We try and fill in holes where and when we can. Luckily, it's report season and the bigwigs in the space are starting to release their annual reports regarding what they saw across a wide swath of data and then making heads or tails of it.
In this case, we're going to be taking a look at the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center's (IC3) Internet Crime Report 2020 edition.
The IC3's been pretty pivotal in the FBI's war against cybercrime. In 2020 the IC3 received almost 800,000 cybercrime-related complaints from Americans, with $4.1 billion in losses from associated crimes. That's the most the IC3 has ever seen in a year, according to the report.
The report is broken down into 5 key topics:
- Business Email Compromise (BEC)
- IC3 Recovery Asset Team (RAT)
- RAT Success
- Tech Support Fraud
- Ransomware
Let's get into it.
Business Email Compromise
So, the IC3 defined a BEC or, Email Account Compromise (EAC) as cyber-scams that directly target individuals or companies whose job it is to transfer funds. Attackers compromise the target's email account, typically through social engineering attacks (which you can read more about here).
According to the IC3, they received 19,369 complaints regarding these scams in 2020. That leads us into the next section and the IC3's Recovery Asset Team.
IC3's Recovery Asset Team (RAT)
After the complaints come in, its up to the RATs to try and fix things. A RAT to put together a communication channel between financial institutions and the FBI in order to help people get their stolen monies back.
The report included a few KEY lessons directly from the RATs to help businesses and individuals who have been impacted by a BEC scheme. They are:
- Contact the originating financial institution as soon as fraud is recognized to request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
- File a detailed complaint with www.ic3.gov. It is vital the complaint contains all required data in provided fields, including banking information.
- Visit www.ic3.gov for updated PSAs regarding BEC trends as well as other fraud schemes targeting specific populations, like trends targeting real estate, pre-paid cards, and W-2s, for example.
- Never make any payment changes without verifying the change with the intended recipient; verify email addresses are accurate when checking email on a cell phone or other mobile device.
RAT Success Stories
The report tells the story of the most successful RAT evere. His name?Ratatouille and he became a world-famous chef in...wait...that's the Pixar movie...hrm...okay okay okay I'm just checking to see if you're still here.
The report does detail how a RAT team was able to get $60 million that was stolen during a BEC scam. They were able to put the necessary parties in touch (some domestic, some as far away as Hong Kong) and stop the scheme dead in its tracks.
Not bad right? It's not french cuisine cooking rodent but as far as RATs might go, not too shabby.
Tech Support Fraud
The IC3 received 15,421 tech support fraud complaints and $146 million in associated losses. They report that's a 171% increase from 2019. Securiity7 has written about tech support scams before, they're sort of a social engineering attack.
There's a seven-step guide that you can read here if you're interested in learning more regarding how to spot and stop something like this from happening to you.
Ransomware
By this point, you're probably sick of even reading the word, let alone the thought of actually having to deal with a ransomware attack. Unfortunately, that doesn't mean they don't happen, and if anybody's going to be hearing about them it's the agents at the IC3.
The report says the IC3 received 2,474 ransomware complaints in 2020 with $29.1 million in losses. That seems...low. Or maybe they're just underreported to the FBI. The report sort of acknowledged that, but didn't supply any additional information to back it up.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.
