Every year, the FBI’s Internet Crime Complaint Center (IC3) releases its Internet Crime Report that provides statistics on the types of internet crimes reported during the previous year, the total amount of financial losses caused by the crime, a state-specific breakdown of crimes, and more.
The 2020 report has been recently published, and, unsurprisingly, it shows a drastic increase in internet crime, in large due to the COVID-19 pandemic.
In 2020, the IC3 saw a 69% increase in total complaints. “In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cybercriminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree,” explains Paul Abbate, Deputy Director of the FBI.
Internet crime resulted in $4.2 billion in losses, which is a 20% increase from 2019.
Those in the over 60 age category accounted for the highest percentage of registered complaints – 13%, incurring almost $1 billion in losses ($966,062,236).
Social engineering strategies – phishing, vishing, smishing, and pharming, more precisely – were the most frequent type of internet crime committed in 2020, which is consistent with the 2019 trend. In 2020, these types of crime accounted for almost a third of all reported crimes (30.4%). Business Email Compromise (BEC) and Email Account Compromise (EAC) crimes resulted in $1.9 billion in losses, or 45% of total losses.
The report notes a steady upward trend over the past three years in the following types of crime:
- Confidence fraud/romance
- IPR/copyright and counterfeit
- Real estate/rental
The highest number of complaints was registered in California and Florida, followed by Texas and New York.
Outside of the United States, countries with the highest number of reported victims of internet crimes are (starting from highest):
- United Kingdom
- South Africa
While alarming, none of these numbers are shocking. The COVID-19 pandemic has unleashed an unprecedented number of opportunities for cybercriminals. With millions of people in the United States (and hundreds of millions worldwide) switching to working from home, many organizations did not set up processes to ensure network security when accessed remotely.
With so many jobs and activities switching to the digital space, organizations – local governments, healthcare providers, educational institutions, private companies, and others – found themselves under tremendous pressure to offer an uninterrupted experience to their employees, customers, citizens, patients, and students. The accelerated digitization and workforce distribution put a burden on IT infrastructures that, in many instances, were not adequately prepared to switch to a remote, digital-first model of operations safely.
Cyberattackers also used the often chaotic state of information on the pandemic to trick people into social engineering-based scams – for example, by disguising emails as coming from healthcare institutions.
Furthermore, the increased spotlight on the healthcare system – whether it’s in terms of patient care and patient information due to the rising number of hospitalized people or research conducted by healthcare institutions and universities – has made this sector an even more lucrative target for malicious actors than before.
Finally, the pandemic has resulted in millions of people getting laid off (the highest unemployment rate was recorded in April 2020 at 14.7%) and finding themselves uncertain financial situations, making them more vulnerable and susceptible to scams.
While some experts predict things will “get back to normal” towards the end of 2021, the reality is that our notion of “normal” has shifted as a result of the pandemic. While many employees will return to working from an office, a large number of companies have realized the cost-saving opportunities presented by remote work and plan to maintain this arrangement indefinitely.
Likewise, many consumers, citizens, patients, and customers will want to continue enjoying the convenience of completing certain activities digitally, be it consulting a doctor, ordering home delivery for groceries, or submitting forms to municipal governments electronically.
However, to remain secure in this new digital world, organizations must prioritize their cybersecurity, if they haven’t done so already, invest in updating their network security infrastructure, and provide their employees with ongoing cybersecurity awareness training.