The Internet Crime Complaint Center (IC3) is the Federal Bureau of Intelligence’s (FBI) central depository for collecting Internet crime complaints. The IC3 objective is to offer the public a reliable and simple reporting mechanism for investigating Internet-facilitated crimes to the FBI, and to create an effective alliance with the industry partners.
According to IC3 data, the top three recorded crimes in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breaches, with business email compromise scams, investment fraud, and romance and confidence schemes losing the most money to victims. People in their 60s and those who live in California were the hardest hit.
The IC3’s companion 2021 State Reports provide a more in-depth look at data on cybercrime in specific states.
Along with statistics on cybercrime, the document gives advice on how to protect yourself and prevent future attacks. It also includes case studies highlighting the FBI's recent efforts to combat online criminality.
In 2021, cyber-attacks and hostile cyber activities in the US reached new heights. These cyber-attacks harmed businesses across a wide range of industries, as well as the general population in the US. The FBI continues to use its unique authorities and relationships to impose risks and consequences on our nation’s cyber adversaries as the cyber threat changes and becomes increasingly entangled with traditional foreign intelligence threats and emerging technology. The FBI's IC3 allows members of the public to report cybercrime directly to the bureau.
This study examines and analyses the reports in order to detect cybercriminal trends and dangers and then share that information with intelligence and law enforcement partners.
The FBI understands the need to share cyber activity information with partners in order to better prepare them to address the cyber threat using a whole-of-government strategy. Public reporting to IC3 is critical to that strategy, as it allows IC3 to fill in the gaps with this crucial information during the investigation. This reporting not only aids in the prevention of future crimes but also allows us to get valuable insight into the ever-changing trends and risks we face from malicious cyber actors.
According to the FBI's annual Internet Crime Report, people lost more than $6.9 billion to internet crimes in 2021, an increase of more than $2 billion from 2020. The report, which was released in March 2022, states Techstory, provides “details regarding the most common internet scams" as reported to the FBI's Internet Crime Complaint Center. “According to the FBI, 847,376 internet crime reports were reported in 2021, a 7% increase from 2020 but a stunning 81 percent increase over 2019. Phishing scams, non-payment/non-delivery, and personal data breaches were the top three cybercrimes recorded last year.
“Perhaps not surprisingly, much of the rise in internet online crimes over the past two years can be put on the shoulders of the COVID-19 pandemic, which, as the FBI mentioned in its report, led to a surge in working from home and virtual meetings. In 2020, the FBI received more than 28,500 complaints of criminal internet activity specifically related to COVID-19, though there appears to be no tally of internet crimes related to COVID-19 detailed in the 2021 report.
“While COVID-19 limits and mandates are being relaxed across most of the country, criminal activities on the internet, including phishing and data breaches, which reached an all-time high in 2021, may tend to climb. Scams and support fraud, which amounted to 32,400 incidents in 2021, may become more common in the bitcoin realm. Romantic scams, tech support fraud, and ransomware are all prevalent internet crimes to be aware of,” according to the Techstory report.
Here’s what to do if you believe you’ve been the victim of an Internet scam.
Cybercrime In Last Five Years
According to the report, the IC3 has received an average of 552,000 complaints every year in the last five years. The graph below depicts how this number has risen over time:
Phishing-related attacks took the lead by a wide margin:
Business Email Compromise Tops The List
Analysis indicates that Business Email Compromise (BEC) crimes had the most impact. In 2021, the IC3 received 19,954 BECs or Email Account Compromise (EAC) accusations, totaling over $2.4 billion in losses.
The report explains how BEC assaults have evolved over time: “As fraudsters have become more skilled and preventative measures have been implemented, the BEC/EAC scheme has evolved in kind.” Simple hacking or spoofing of commercial and personal email accounts, as well as a request to transmit wire payments to bogus bank accounts, have evolved into a technique.
The compromise vendor emails, requests for W-2 information, targeting the real estate sector, and fraudulent requests for huge quantities of gift cards have all been part of these schemes in the past.
In order to start fraudulent wire transfers, criminals are now exploiting virtual meeting platforms to hijack emails and fake corporate executives’ credentials. These illegal wire payments are frequently transferred to cryptocurrency wallets and disseminated swiftly, complicating recovery attempts. The pandemic and the shift to remote employment are both cited as major drivers of the rise in BEC crimes, according to the research.
Ransomware In 2021
Ransomware numbers were substantially lower than BEC schemes, according to the IC3. Only 3,729 ransomware reports were received, with total losses of more than $49.2 million.
These figures are startlingly low, but they are also likely to be erroneous as many ransomware occurrences go undetected because executives often prefer to keep this information under wraps.
The IC3 Discusses Ransomware In 2021
According to the report, “Ransomware strategies and techniques started to develop in 2021, demonstrating ransomware attack actors' growing technical skills and a greater ransomware threat to enterprises throughout the world." Although cybercriminals use a number of ways to infect victims with ransomware, the top three primary infection vectors for ransomware incidents reported to the IC3 remained phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploiting software vulnerabilities. A ransomware threat actor can deploy ransomware once they have achieved code execution on a device or network access.
Because of the rising usage of remote work and study beginning in 2020 and continuing through 2021, these infection vectors are anticipated to remain popular. This increased the remote attack surface, making it difficult for network defenders to keep up with routine software patching.
The IC3 began tracking ransomware attacks against critical infrastructure firms in June 2021. This was clearly a well-timed choice, given the SolarWinds and Colonial Pipeline disasters earlier this year.
The IC3 received 649 complaints indicating that organizations in the critical infrastructure sector had been hit by ransomware. In the United States, 14 of the 16 critical infrastructure sectors had at least one member fall prey to a ransomware attack in 2021.
The number of ransomware attacks on vital infrastructure sectors is presented in the graph below:
A breakdown of the three most common cyber gangs that target vital infrastructure is also included in the report:
Rise Of Cyber Crimes In Pakistan During 2021
With the widespread use of technology and proliferation of smartphones and gadgets, the number of cybercrime complaints received by the Cyber Crime Wing of the Federal Investigation Agency (FIA) from across the country in 2021 surpassed 100,000.
The number of complaints received by the FIA each month has doubled in four years, from 4,031 in 2018 to 8,688 in 2021, indicating an alarming surge in cybercrime in the country.
From January 1, 2021 to December 31, 2021, the FIA's cybercrime division received 102,356 complaints. Facebook was employed as a medium in 23 percent of the complaints. Last year, 80,641 of the 102,356 complaints received were verified, and 15,932 of them met the requirements for beginning inquiries. Over 1,300 people were arrested after 1,202 cases were filed under relevant parts of the Prevention of Electronic Crimes Act.
According to official data, students reported 32 percent of complaints in 2021, with 25 percent of them involving financial offenses.
Financial fraud and forgery topped the list, with 427 FIRs and 388 arrests, followed by extortion and blackmailing with 267 FIRs and 185 arrests.
Last year, 205 cases were filed under Section 20 (natural person's dignity), 199 instances under Section 21 (rape/modesty of natural person), 76 cases of cyberterrorism/hate speech, and 49 cases of child pornography.
According to IC3 data, the top three recorded crimes in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breaches, with business email compromise scams, investment fraud, and romance and confidence schemes losing the most money to victims. People in their 60s and those who live in California were the hardest hit.
The IC3’s companion 2021 State Reports provide a more in-depth look at data on cybercrime in specific states.
Along with statistics on cybercrime, the document gives advice on how to protect yourself and prevent future attacks. It also includes case studies highlighting the FBI's recent efforts to combat online criminality.
In 2021, cyber-attacks and hostile cyber activities in the US reached new heights. These cyber-attacks harmed businesses across a wide range of industries, as well as the general population in the US. The FBI continues to use its unique authorities and relationships to impose risks and consequences on our nation’s cyber adversaries as the cyber threat changes and becomes increasingly entangled with traditional foreign intelligence threats and emerging technology. The FBI's IC3 allows members of the public to report cybercrime directly to the bureau.
This study examines and analyses the reports in order to detect cybercriminal trends and dangers and then share that information with intelligence and law enforcement partners.
Along with statistics on cybercrime, the document gives advice on how to protect yourself and prevent future attacks. It also includes case studies highlighting the FBI's recent efforts to combat online criminality.
The FBI understands the need to share cyber activity information with partners in order to better prepare them to address the cyber threat using a whole-of-government strategy. Public reporting to IC3 is critical to that strategy, as it allows IC3 to fill in the gaps with this crucial information during the investigation. This reporting not only aids in the prevention of future crimes but also allows us to get valuable insight into the ever-changing trends and risks we face from malicious cyber actors.
According to the FBI's annual Internet Crime Report, people lost more than $6.9 billion to internet crimes in 2021, an increase of more than $2 billion from 2020. The report, which was released in March 2022, states Techstory, provides “details regarding the most common internet scams" as reported to the FBI's Internet Crime Complaint Center. “According to the FBI, 847,376 internet crime reports were reported in 2021, a 7% increase from 2020 but a stunning 81 percent increase over 2019. Phishing scams, non-payment/non-delivery, and personal data breaches were the top three cybercrimes recorded last year.
“Perhaps not surprisingly, much of the rise in internet online crimes over the past two years can be put on the shoulders of the COVID-19 pandemic, which, as the FBI mentioned in its report, led to a surge in working from home and virtual meetings. In 2020, the FBI received more than 28,500 complaints of criminal internet activity specifically related to COVID-19, though there appears to be no tally of internet crimes related to COVID-19 detailed in the 2021 report.
“While COVID-19 limits and mandates are being relaxed across most of the country, criminal activities on the internet, including phishing and data breaches, which reached an all-time high in 2021, may tend to climb. Scams and support fraud, which amounted to 32,400 incidents in 2021, may become more common in the bitcoin realm. Romantic scams, tech support fraud, and ransomware are all prevalent internet crimes to be aware of,” according to the Techstory report.
Here’s what to do if you believe you’ve been the victim of an Internet scam.
Cybercrime In Last Five Years
According to the report, the IC3 has received an average of 552,000 complaints every year in the last five years. The graph below depicts how this number has risen over time:
Phishing-related attacks took the lead by a wide margin:
Business Email Compromise Tops The List
Analysis indicates that Business Email Compromise (BEC) crimes had the most impact. In 2021, the IC3 received 19,954 BECs or Email Account Compromise (EAC) accusations, totaling over $2.4 billion in losses.
The report explains how BEC assaults have evolved over time: “As fraudsters have become more skilled and preventative measures have been implemented, the BEC/EAC scheme has evolved in kind.” Simple hacking or spoofing of commercial and personal email accounts, as well as a request to transmit wire payments to bogus bank accounts, have evolved into a technique.
The number of complaints received by Pakistan’s FIA each month has doubled in four years, from 4,031 in 2018 to 8,688 in 2021, indicating an alarming surge in cybercrime in the country.
The compromise vendor emails, requests for W-2 information, targeting the real estate sector, and fraudulent requests for huge quantities of gift cards have all been part of these schemes in the past.
In order to start fraudulent wire transfers, criminals are now exploiting virtual meeting platforms to hijack emails and fake corporate executives’ credentials. These illegal wire payments are frequently transferred to cryptocurrency wallets and disseminated swiftly, complicating recovery attempts. The pandemic and the shift to remote employment are both cited as major drivers of the rise in BEC crimes, according to the research.
Ransomware In 2021
Ransomware numbers were substantially lower than BEC schemes, according to the IC3. Only 3,729 ransomware reports were received, with total losses of more than $49.2 million.
These figures are startlingly low, but they are also likely to be erroneous as many ransomware occurrences go undetected because executives often prefer to keep this information under wraps.
The IC3 Discusses Ransomware In 2021
According to the report, “Ransomware strategies and techniques started to develop in 2021, demonstrating ransomware attack actors' growing technical skills and a greater ransomware threat to enterprises throughout the world." Although cybercriminals use a number of ways to infect victims with ransomware, the top three primary infection vectors for ransomware incidents reported to the IC3 remained phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploiting software vulnerabilities. A ransomware threat actor can deploy ransomware once they have achieved code execution on a device or network access.
Because of the rising usage of remote work and study beginning in 2020 and continuing through 2021, these infection vectors are anticipated to remain popular. This increased the remote attack surface, making it difficult for network defenders to keep up with routine software patching.
The IC3 began tracking ransomware attacks against critical infrastructure firms in June 2021. This was clearly a well-timed choice, given the SolarWinds and Colonial Pipeline disasters earlier this year.
The IC3 received 649 complaints indicating that organizations in the critical infrastructure sector had been hit by ransomware. In the United States, 14 of the 16 critical infrastructure sectors had at least one member fall prey to a ransomware attack in 2021.
The number of ransomware attacks on vital infrastructure sectors is presented in the graph below:
A breakdown of the three most common cyber gangs that target vital infrastructure is also included in the report:
Rise Of Cyber Crimes In Pakistan During 2021
With the widespread use of technology and proliferation of smartphones and gadgets, the number of cybercrime complaints received by the Cyber Crime Wing of the Federal Investigation Agency (FIA) from across the country in 2021 surpassed 100,000.
The number of complaints received by the FIA each month has doubled in four years, from 4,031 in 2018 to 8,688 in 2021, indicating an alarming surge in cybercrime in the country.
From January 1, 2021 to December 31, 2021, the FIA's cybercrime division received 102,356 complaints. Facebook was employed as a medium in 23 percent of the complaints. Last year, 80,641 of the 102,356 complaints received were verified, and 15,932 of them met the requirements for beginning inquiries. Over 1,300 people were arrested after 1,202 cases were filed under relevant parts of the Prevention of Electronic Crimes Act.
According to official data, students reported 32 percent of complaints in 2021, with 25 percent of them involving financial offenses.
Financial fraud and forgery topped the list, with 427 FIRs and 388 arrests, followed by extortion and blackmailing with 267 FIRs and 185 arrests.
Last year, 205 cases were filed under Section 20 (natural person's dignity), 199 instances under Section 21 (rape/modesty of natural person), 76 cases of cyberterrorism/hate speech, and 49 cases of child pornography.