FBI Report Highlights the Need for More Modern, Secure Digital Banking Platforms
The FBI’s Internet Crime Complaint Center (iC3) was established in May 2000 to provide the public and its partners with a reliable and convenient reporting mechanism to submit information concerning suspected cyber-enabled criminal activity and to develop effective alliances with law enforcement and industry partners to help those who report.
Each year, the IC3 aggregates the submitted data and produces an annual report on the trends impacting the public as well as routinely providing intelligence reports about trends.
As of December 31, 2022, the IC3 has received over 7M complaints, with more than 800,000 of those coming in the past 12 months. And these numbers only represent the portion of complaints that have been filed, not the total number that have occurred. In 2022, those complaints also represented $10.3B in losses, a sharp increase over 2021’s $6.9B.
And as the prize continues to grow higher for fraudsters, so does their level of sophistication. Having a modern, digital banking platform that deploys the very latest in cybersecurity technology and tactics is more critical than ever before.
Here’s a high-level summary of the top three most popular cyber threats the FBI encountered in 2022 and articulated in its 2022 annual report:
1. Business email compromises
In 2022, the IC3 received 21,832 business email compromise (BEC) complaints with adjusted losses of more than $2.7 billion. BEC is a sophisticated scam targeting both businesses and individuals performing transfers of funds. These schemes historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. More recently, fraudsters are utilizing custodial accounts held at financial institutions for cryptocurrency exchanges, or having victims send funds directly to cryptocurrency platforms where funds are quickly dispersed.
The IC3 also saw a slight increase of BECs targeting victims’ investment accounts instead of the traditional banking accounts. There was also an increasingly prevalent tactic by BEC bad actors of spoofing legitimate business phone numbers to confirm fraudulent banking details with victims. With this increased tactic of “spoofed” phone numbers it emphasizes the importance of leveraging two-factor or multi-factor authentication as an additional security layer. Procedures should be put in place to verify payments and purchase requests outside of email communication and can include direct phone calls but to a known verified number and not relying on information or phone numbers included in the email communication.
2. Investment Scams
In 2022, investment scams were the costliest scheme reported to the IC3. Investment fraud complaints increased from $1.45 billion in 2021 to $3.31 billion in 2022, which is a 127% increase. Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 billion in 2022, an increase of 183%.
In 2022, the IC3 received 2,385 complaints identified as ransomware with adjusted losses of more than $34.3 million. Ransomware is a type of malicious software, or malware, that encrypts data on a computer, making it unusable. In addition to encrypting the network, the cyber-criminal will often steal data off the system and hold that data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Although cyber criminals use a variety of techniques to infect victims with ransomware, phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top initial infection vectors for ransomware incidents reported to the IC3. Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware.
In a recent webinar entitled, “Taking Down Fraudsters in Real Time,” iuvity’s Chief Data and Analytics Officer Edgar Osuna, PH.D., discussed the evolving state of digital banking fraud and the latest technology methods available to fight third-party fraud in real time.
View the replay of the webinar here
To learn more about how iuvity’s fraud prevention solutions can protect your organization and your customers, visit iuviPROFILER.