2023 Internet Crime Report
The FBI’s Internet Crime Complaint Center (IC3) has released the 2023 Internet Crime Report, which is based on internet crimes reported to the IC3. In 2023, as in 2022, phishing/spoofing was the top crime reported, and investment scams were the most financially damaging.
The IC3 received a record 880,418 complaints with associated record losses of more than $12.5 billion, up 10% and 22% respectively from 2022. Keep in mind that these are only reported numbers and just from the American public. The following is a complaint comparison from 2020-2023:
2023 Internet Crime Overview
- Business Email Compromise: There were 21,489 BEC reports with over $2.9 billion in losses. The IC3 notes a trend of criminals using financial custodial accounts for crypto exchanges, third-party processors and phishing.
- Investment Fraud: The losses from investment scams increased from $3.31 billion in 2022 to $4.57 billion in 2023. With this 38% increase, investment fraud became the crime with the heaviest reported losses. Cryptocurrency investment fraud losses increased 53% from 2022 with $3.94 billion lost in 2023.
- Ransomware: There 2,825 ransomware reports with losses of over $59.6 million. IC3 noted 16 critical infrastructure sectors reporting ransomware; healthcare/public health had the most reports followed by critical manufacturing and government facilities.
- Tech Support and Government Impersonation: These two categories of impersonation fraud accounted for over $1.3 billion in losses.
By the Numbers – 2023 Internet Crime Report
Today’s cyber landscape is threatened by a multitude of malicious actors who have the tools to conduct large-scale fraud schemes, hold our money and data for ransom, and endanger our national security. Profit-driven cybercriminals and nation-state adversaries alike have the capability to paralyze entire school systems, police departments, healthcare facilities, and individual private sector entities.
Timothy Langan, FBI Executive Assistant Director
The IC3 was established in 2000 to receive complaints of internet-related crime and has received over eight million complaints since its inception. Its mission is to provide the public with a reporting mechanism to submit information to the FBI concerning suspected cybercrime activity, and to develop effective alliances with law enforcement and industry partners to help those who report.
To confront internet crime, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated Cross-Sector Cybersecurity Performance Goals, “a baseline set of cybersecurity practices broadly applicable across critical infrastructure with known risk-reduction value.” In the performance goals, CISA recommends enabling SPF and DKIM and deploying DMARC with a p=reject policy, the culminating DMARC policy to secure domains from phishing exploits.
Likewise, in a Private Industry Notification, the Cyber Division of the FBI recommends configuring SPF, DKIM, and DMARC to prevent spoofing and to validate email. NIST also provides recommendations and guidelines for enhancing trust in email.
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
Want to continue the conversation? Head over to the dmarcian Forum.
