2021 IC3 Report Key Findings: Billions Lost in BEC Scams

Written by Paige Tester

Every year the FBI’s Internet Crime Complaint Center (IC3) receives hundreds of thousands of complaints from Americans who have fallen victim to or been targeted by cybercrimes. In 2021, the center received over 847,000 complaints, a 7% increase from the previous year. The reported potential losses exceed $6.9 billion (up from $4.2 billion in 2020). Yup, you read that right – billion.

Ransomware, business email compromise (BEC), and cryptocurrency schemes are the top incidents reported. In fact, BEC alone accounted for almost 20,000 complaints with an adjusted loss of $2.4 billion, putting it at the top of the list of crime types when ranked by losses.

Below, we’ll break down some of the major findings from the FBI’s 2021 Internet Crime Report that was released earlier this year.

5 Key Findings from the FBI’s 2021 Internet Crime Report (IC3)

1.   Complaints and Losses are Steadily Increasing

Business is booming for these cybercriminals. Looking at the last 5 years of data (2017 - 2021), the report highlights a steady year-over-year increase in the number of complaints and losses reported. The total number of complaints jumped from just over 300k in 2017 to almost 850k in 2021. In addition, reported losses rose from $1.4 billion in 2017 to $6.9 billion in 2021.

The report also looks at the top 5 crime types reported over the last 5 years. Of the 5 most popular crime types, “phishing, vishing, smishing, and pharming” shows the most significant increase in reported use over the 5-year period. This crime type alone accounted for over 320,000 victims and $44.2 million in losses in 2021.

IC3 Report Figure 1

2.   Cybercriminals Exploit WFH

With an increase in remote workforces, the need for advanced cybersecurity controls is more important than ever. The report highlights how cybercriminals have successfully exploited the shift to virtual meetings by fooling their victims into sending fraudulent wire transfers.

A popular tactic includes compromising an executive or other employee's email, requesting a virtual meeting with the victim, and then carrying out the attack through the use of “deep fake” audio.

“The fraudster would insert a still picture of the CEO with no audio, or a “deep fake” audio through which fraudsters, acting as business executives, would then claim their audio/video was not working properly. The fraudsters would then use the virtual meeting platforms to directly instruct employees to initiate wire transfers…” - IC3 2021 Report

3.   $1.6 Billion in Cryptocurrency was Reported Stolen

Many cryptocurrencies have seen a sharp increase in their value over the last several years. The lack of security and regulation in this space has made it even easier for cybercriminals to carry out financial fraud at scale. Coins like Bitcoin, Ethereum, and Litecoin have become a preferred method of payment for many cybercriminals.

“Once limited to hackers, ransomware groups, and other denizens of the “dark web,” cryptocurrency is becoming the preferred payment method for all types of scams – SIM swaps, tech support fraud, employment schemes, romance scams, even some auction fraud.” - IC3 2021 Report

The reported loss amount in cryptocurrency theft has increased 7x year over year, totaling a whopping $1.6 billion in 2021.

IC3 Report Figure 2

4.   Ransomware Attacks Target Critical Infrastructure

Another threat type outlined in the report is ransomware, with an estimated $49.2 million in losses in 2021.

“Although cyber criminals use a variety of techniques to infect victims with ransomware, phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents reported to the IC3.” - IC3 2021 Report

While we’ve witnessed this trend for some time, a scarier and more recent development is the use of ransomware to target critical infrastructure. According to the report, the IC3 received 649 complaints about ransomware attacks carried out on organizations belonging to critical infrastructure sectors. The sectors most frequently victimized by ransomware attacks included healthcare and public health, financial services, information technology, and critical manufacturing. Even worse, the FBI anticipates an increase in critical infrastructure victimization in 2022.

5.   Be Wary of Tech Support Scams

Bad actors continue to pose as well-known companies in order to carry out tech support scams. Losses related to tech support fraud experienced a sharp increase in 2021, jumping 137% between 2020 and 2021, bringing the total to $347 million in 2021. The report also noted the growing popularity of customer service support scams in which bad actors impersonate utility companies and financial institutions.

How To Safeguard Your Organization from BEC

The FBI’s 2021 IC3 report shines a light on the continual and relentless attacks carried out by cybercriminals, including the steady increase in BEC and phishing attacks. This creates risk for your organization and an inflated workload for your security team.

With Armorblox, you’re able to leverage the power of machine learning to detect and remediate malicious emails before they hit your employees’ inboxes, reducing the weight on your team’s shoulders.
