2022 FBI Internet Crime Report
Investment Scams Costliest
The FBI’s Internet Crime Complaint Center (IC3) has released the 2022 Internet Crime Report, which is based on internet crimes reported to the IC3. Phishing continues to be the top crime reported, and investment scams were the most financially damaging.
Though the IC3 received five percent fewer complaints in 2022, the total loss ballooned from $6.9 billion in 2021 to over $10.2 billion in 2022.
By the Numbers – 2022 FBI Internet Crime Report
Internet Crime Overview
- BEC: There were 21,832 business email compromise (BEC) complaints with a loss of over $2.7 billion. BEC exploits target organizations and individuals in an effort to redirect funds to fraudulent accounts.
- Investment Scams: For the first time since the FBI began issuing the Internet Crime Report, investment fraud was the costliest crime, with losses coming in at $3.31 billion; in 2021, losses were $1.45 billion. There was an unprecedented increase in crypto-investment extortion in both the number of victims and financial losses.
- Ransomware: In this threat category, there were 2,385 complaints with $34.3 million in losses. Along with the all-too-common phishing exploit, remote desktop protocol and software vulnerabilities were the top tactics used to deploy ransomware.
- Call Center Fraud: Two kinds of call center fraud, tech/customer support and government impersonation, caused over $1 billion in losses. The criminals behind these scams preyed on the elderly: 46% of the targets were over the age of 60, and they accounted for 69% of the call center fraud financial losses.
The IC3 was established in 2000 to receive complaints of internet-related crime and has received over seven million complaints since its inception. Its mission is to provide the public with a reporting mechanism to submit information to the FBI concerning suspected cybercrime activity, and to develop effective alliances with law enforcement and industry partners to help those who report. Information is analyzed and disseminated for investigative and intelligence purposes for law enforcement and for public awareness.
To help address the plague of internet crime, in March 2023 the Cybersecurity and Infrastructure Security Agency (CISA) released updated Cross-Sector Cybersecurity Performance Goals, “a baseline set of cybersecurity practices broadly applicable across critical infrastructure with known risk-reduction value.” In the performance goals, CISA recommends enabling SPF and DKIM and deploying DMARC with a p=reject policy, the culminating DMARC policy to secure domains from phishing exploits.
Likewise, in a Private Industry Notification, the Cyber Division of the FBI recommends configuring SPF, DKIM, and DMARC to prevent spoofing and to validate email. NIST also provides recommendations and guidelines for enhancing trust in email.
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
Want to continue the conversation? Head over to the dmarcian Forum.