Archives June 2022

Dear Reader,

Working with the Department of Justice Elder Fraud Initiative and other internal and external partners, the FBI is committed to identifying, investigating, and prosecuting criminals who target seniors. The Internet Crime Complaint Center (IC3) is a key component in this endeavor, as it provides victims a venue to identify the subject and the fraud committed against them.

Through this voluntary submission of information, the IC3 receives and tracks thousands of complaints each day. These complaints contain the details of multiple types of schemes, including romance scams, investment fraud, government impersonation, and tech support fraud.

The number of elderly victims has risen at an alarming rate, while the loss amounts are even more staggering. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the IC3. This represents a 74 percent increase in losses over losses reported in 2020.

As a result of these trends and the emphasis by the FBI on protecting our seniors, the FBI is publishing the 2021 IC3 Elder Fraud Annual Report. This information is a companion report to the 2021 IC3 Annual Report released in March 2022. These reports, along with other publications, are available at www.ic3.gov.

The intent of this information is to educate, warn, and protect potential victims of all ages. Highlighting the crimes specifically affecting seniors will it be possible to ensure the necessary emphasis and resources are allocated to address this problem.

For those who unfortunately fall victim to these criminal tactics, please know the information you provide to the FBI is vital in bringing the criminals responsible to justice.

Luis M. Quesada
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3ElderFraudReport.pdf

Dear Reader,

In 2021, America experienced an unprecedented increase in cyber attacks and malicious cyber activity. These cyber attacks compromised businesses in an extensive array of business sectors as well as the American public. As the cyber threat evolves and becomes increasingly intertwined with traditional foreign intelligence threats and emerging technologies, the FBI continues to leverage our unique authorities and partnerships to impose risks and consequences on our nation’s cyber adversaries.

The FBI’s Internet Crime Complaint Center (IC3) provides the American public with a direct outlet to report cyber crimes to the FBI. We analyze and investigate the reporting to track the trends and threats from cyber criminals and then share this data with our intelligence and law enforcement partners. The FBI, alongside our partners, recognizes how crucial information sharing of cyber activities is to prepare our partners to combat the cyber threat, through a whole-of-government approach. Critical to that approach is public reporting to IC3 – enabling us to fill in the missing pieces with this valuable information during the investigatory process. Not only does this reporting help to prevent additional crimes, it allows us to develop key insights on the ever-evolving trends and threats we face from malign cyber actors.

In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion. Among the 2021 complaints received, ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the top incidents reported. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.

IC3’s commitment to cyber victims and partnerships allow for the continued success through programs such as the IC3’s Recovery Asset Team (RAT). Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist freezing of funds for victims. In 2021, the IC3’s RAT initiated the Financial Fraud Kill Chain (FFKC) on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443,448,237. A monetary hold was placed on approximately $329 million, which represents a 74% success rate.

In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them. Thank you to all those readers who reported crimes to IC3 throughout the year. Without this reporting, we could not be as effective in ensuring consequences are imposed on those perpetrating these attacks and our understanding of these threats would not be as robust. Please visit IC3.gov to access the latest information on criminal internet activity.

The FBI’s Cyber Division is working harder than ever to protect the American public and to instill safety, security, and confidence in a digitally connected world. We encourage everyone to use IC3 and reach out to their local FBI field office to report malicious activity. Together we can continue to create a safer and more secure cyber landscape.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf

Article (PSA‑0019)

Cyber‑extortion is a crime in which an attacker compromises a device or network and then demands money (or another concession) to stop the malicious activity. The most common form is ransomware – malicious software that encrypts files and displays a demand for payment to restore access.

How Attackers Get In – The Email Factor

• High‑volume spam gives attackers a huge audience.
• Phishing emails are crafted to look like legitimate messages from banks, retailers, courier services, etc.
• These emails contain malicious links or phone numbers that, when clicked or called, can install ransomware or give the attacker remote access.

Spotting a Phishing / Extortion Email

1. Don’t trust the content at face value. If an email promises a prize, a sudden payment, or urgent action, treat it with skepticism.
2. Check the sender address. Look for subtle misspellings (e.g., support@micrsoft.com instead of support@microsoft.com).
3. Hover over every link—no clicks. The URL shown in the tooltip should match the claimed destination and use a trusted domain (e.g., https://www.paypal.com).
4. Look for generic greetings. Real companies usually address you by name.
5. If anything feels off, mark the message as Spam/Junk and delete it. When in doubt, forward the email to your IT provider for verification.

Immediate Steps If You’re Compromised

• Disconnect the device from the network (unplug Ethernet, turn off Wi‑Fi).
• Do not pay the ransom. Paying encourages the criminal ecosystem and rarely guarantees file recovery.
• Notify your IT support or a trusted security professional immediately.
• Run a reputable anti‑malware scan (Microsoft Defender, Malwarebytes, etc.) to identify and remove the malicious payload.
• If you have recent, verified backups, restore the affected system from the backup.

Why Backups Are Your Best Defense

Even the most diligent user can fall for a sophisticated phishing attack. A solid backup strategy turns a ransomware incident from a disaster into a manageable inconvenience.

The 3‑2‑1‑0 Backup Rule (quick recap)

1. Three copies of every important file (the original + two backups).
2. Two different media types (e.g., internal drive + external SSD, or cloud storage).
3. One copy off‑site (cloud service or physical storage stored at a different location).
4. Zero‑error verification – regularly test restores to ensure the backup actually works.

Simple Checklist to Reduce Extortion Risk

• ✔️ Keep OS, applications, and security software up to date.
• ✔️ Use strong, unique passwords and enable multi‑factor authentication wherever possible.
• ✔️ Disable macro execution in Office files unless you specifically need it.
• ✔️ Regularly back up critical data using the 3‑2‑1‑0 rule.
• ✔️ Educate family or staff to recognize phishing cues (unexpected urgency, generic greetings, mismatched URLs).
• ✔️ Restrict administrative privileges – only install software when you have admin rights.

Want Help? We’re Here for You

If you have questions about phishing, ransomware, backup strategies, or any other cybersecurity concern, call PSA Computer Services at (707) 506‑6802. A quick conversation can save you a lot of trouble later.