Archives June 2022

IC3 Annual Report – 2021 Elder Fraud Report

Dear Reader,

Working with the Department of Justice Elder Fraud Initiative and other internal and external partners, the FBI is committed to identifying, investigating, and prosecuting criminals who target seniors. The Internet Crime Complaint Center (IC3) is a key component in this endeavor, as it provides victims a venue to identify the subject and the fraud committed against them.

Through this voluntary submission of information, the IC3 receives and tracks thousands of complaints each day. These complaints contain the details of multiple types of schemes, including romance scams, investment fraud, government impersonation, and tech support fraud.

The number of elderly victims has risen at an alarming rate, while the loss amounts are even more staggering. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the IC3. This represents a 74 percent increase in losses over losses reported in 2020.

As a result of these trends and the emphasis by the FBI on protecting our seniors, the FBI is publishing the 2021 IC3 Elder Fraud Annual Report. This information is a companion report to the 2021 IC3 Annual Report released in March 2022. These reports, along with other publications, are available at www.ic3.gov.

The intent of this information is to educate, warn, and protect potential victims of all ages. Highlighting the crimes specifically affecting seniors will it be possible to ensure the necessary emphasis and resources are allocated to address this problem.

For those who unfortunately fall victim to these criminal tactics, please know the information you provide to the FBI is vital in bringing the criminals responsible to justice.

Luis M. Quesada
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3ElderFraudReport.pdf

IC3 Annual Report – 2021 Internet Crime Report

Dear Reader,

In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity. These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public. As the cyber threat evolves and becomes increasingly intertwined with traditional foreign intelligence threats and emerging technologies, the FBI continues to leverage our unique authorities and partnerships to impose risks and consequences on our nation’s cyber adversaries.

The FBI’s Internet Crime Complaint Center (IC3) provides the American public with a direct outlet to report cyber crimes to the FBI. We analyze and investigate the reporting to track the trends and threats from cyber criminals and then share this data with our intelligence and law enforcement partners. The FBI, alongside our partners, recognizes how crucial information sharing of cyber activities is to prepare our partners to combat the cyber threat, through a whole-of-government approach. Critical to that approach is public reporting to IC3 – enabling us to fill in the missing pieces with this valuable information during the investigatory process. Not only does this reporting help to prevent additional crimes, it allows us to develop key insights on the ever-evolving trends and threats we face from malign cyber actors.

In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the 2021 complaints received, ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.

IC3’s commitment to cyber victims and partnerships allow for the continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2021, the IC3’s RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.

In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them. Thank you to all those readers who reported crimes to IC3 throughout the year. Without this reporting, we could not be as effective in ensuring consequences are imposed on those perpetrating these attacks and our understanding of these threats would not be as robust. Please visit IC3.gov to access the latest information on criminal internet activity.

The FBI’s Cyber Division is working harder than ever to protect the American public and to instill safety, security, and confidence in a digitally connected world. We encourage everyone to use IC3 and reach out to their local FBI field office to report malicious activity. Together we can continue to create a safer and more secure cyber landscape.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

What Is Cyber Extortion?

Article (PSA-0019)
Submitted by: Billy Joe Long
Company: PSA Computer Services
Titled: What Is Cyber Extortion?
Original release date: June 10, 2022

The news is constantly reporting cyber-criminal activity and the devastating consequences of those who are compromised. This article will define what cyber-extortion is, and some steps you can take to make it less likely that you will fall prey to their criminal schemes. I will also lay out for you a vital step you can do now to help recover in the event you are compromised.

So, what is cyber-extortion? Cyber-extortion is a network/internet crime where an individual or group demands money or some other response to discontinue whatever criminal activity they are enacting against you or your business. In one type of cyber-extortion the attackers compromise a device on the victims network and then attempt to install malware known as ransomware on the device. If successful they will then inform the user of the situation and demand payment for the user to regain access to their data.

How are we so easily compromised? Email. Email has become a serious problem with the shear volume of spam that most of us receive. Cyber-criminals know most people are dealing with large volumes of junk email everyday and are likely to click on a link in an email if the email looks legitimate to the user in someway. So these attackers expend quite a lot of effort to custom craft emails to closely resemble authentic emails from companies most of us are very familiar with. Embedded in these counterfeit emails are links to malware and phone numbers to hack groups. Once the link is clicked or the number is called you are well on your way to full compromise and at their mercy.

So what can we do to help avoid this situation? First step, don’t trust any email. You must exercise restraint and common sense. Let me give you an easy example. You receive an email stating that you just won a million dollars. All you have to do is click this link to start your claim. We now apply common sense and mark the email as Spam and then Delete it. Why? Because you did not just win a million dollars and if you click that link to claim it, your going to get something you’ll regret for a long time. Easy right? Let’s try a harder one. You receive an official looking email stating that your payment of $1,200 dollars has been successfully processed and will deduct from your account within the next 3-5 business days. The email then goes on to thank you for your payment and for being one of their valued customers. At the very bottom of the email, where you would expect it to be, is the statement: if you did not initiate this payment please click this link to cancel the payment. What do you do? Take a careful look at the return email address for the email – does it make sense? Now hover over the link they are directing you to – without clicking on it! Does the link make sense? With some training and skill you’ll be able to identify these scam emails and avoid a lot of trouble. If after examining the email you still can’t determine whether it’s legit or not, contact your IT service provider. They will take a look at the email for you and let you know if it’s legit.

What can you do now to help minimize the pain if you do become compromised? Backups. Backup, backup, backup. You hear it all the time, but are you doing it? Are you doing the right kind of backups? If not, you are in store for some serious heartache. With a proper backup system these compromises become less painful. If for some reason you or your business becomes the victim of a cyber-extortion group, it can be mitigated without paying them a dime and with minimal down-time by restoring the system (or systems) to a previous state.

In this article I have attempted to raise your awareness to the ongoing issue of cyber-extortion and cyber-criminals. These crimes are not just happening to corporations or down in the city, they’re happening to local businesses and our neighbors. Knowledge is power – if it is used correctly! I hope you will take what you have learned here and use it as a starting point for your own research into how to protect yourself and your friends from cyber-criminals.

If you have questions concerning cyber-crime, email, backup systems or any other issues give us a call.