$4.2 Billion Lost in the U.S. to Cybercrime and Fraud in 2020

Internet crime reported to the FBI’s Internet Crime Complaint Center (IC3) soared in 2020, with Americans filing 791,790 complaints of suspected Internet crime—an increase of more than 300,000 complaints from 2019—with losses amounting to more than $4.2 billion.

The 2020 figures represent a 69 percent increase in total complaints reported to the IC3 from 2019, FBI Deputy Director Paul Abbate wrote in the IC3’s annual Internet Crime Report 2020—published earlier this week. Business email compromise (BEC) schemes tallied the highest reported losses in 2020 (19,369 complaints with an adjusted loss of roughly $1.8 billion). Americans also reported high amounts of phishing scams (241,342 complaints with adjusted losses of more than $54 million), and ransomware incidents (2,474 reported incidents). Through its Asset Recovery Team, the IC3 successfully intervened in 82 percent of 1,303 incidents to freeze $380 million from being transferred to fraudsters.

“In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree,” Abbate wrote. “These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society—medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others.”

Internet crime is costly. According to the 2020 Internet Crime Report, victims reported losing more than $4.2 billion to internet crimes, including business email compromise scams, romance scams, and investment fraud, in 2020. https://t.co/xRdQvWORwK pic.twitter.com/H6LAMDNJhA

— FBI (@FBI) March 17, 2021

The IC3 received more than 28,500 complaints related to COVID-19, including that fraudsters targeted the Coronavirus Aid, Relieve, and Economic Security Act (CARES Act), that provided small businesses and Americans with funds to whether the economic crisis of the pandemic. These complaints also reported financial crime around unemployment insurance, Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans.

“One of the most prevalent schemes seen during the pandemic has been government impersonators,” according to the IC3 report. “Criminals are reaching out to people through social media, emails, or phone calls pretending to be from the government. The scammers attempt to gather personal information or illicit money through charades or threats.”

The IC3 has also seen these scams pivot in response to the COVID-19 vaccine distribution effort. Some fraudsters are asking people to pay out of pocket to receive the vaccine, put their name on a waiting list, or get early access.

The IC3 noted that BEC scams (sometimes known as email account compromise scams, EACs), which began with fraudsters spoofing CEOS and CFOs asking for wire transfers, have evolved into schemes that use compromised personal emails, vendor emails, lawyer email accounts, and more with financial transfers involving cryptocurrency.

“In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include extortion, tech support, romance scams, etc., that involved a victim providing a form of ID to a bad actor,” the IC3 explained. “That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.”

The IC3 also saw an increase in ransomware complaints, 2,474 in 2020 compared to 2,047 in 2019. There was, however, a drastic rise in the adjusted losses from 2020 to 2019—just $8.9 million in 2019 compared to more than $29.1 million in 2020.

The FBI does not recommend paying ransoms, but the IC3 did note the trend of cyber criminals increasingly pressuring victims to pay ransoms or have their data destroyed or released to the public.

“Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” the IC3 explained. “Paying the ransom also does not guarantee that a victim’s files will be recovered.”

Other major findings from the report included that individuals 60 years and older were most likely to be victims of reported Internet crimes and fraud (105,301 victims with total losses of $966 million), and Californians filed the most complaints with the IC3 in 2020 (more than 39,000) and experienced the greatest losses (more than $500 million).

Since its inception in 2016, the IC3 has received more than 2.2 million total complaints—298,728 complaints with a total of $1.5 billion in losses in 2016 to 791,790 with $4.2 billion in losses in 2020. These figures represent only reported crimes, however, which means the real amounts are likely higher.