Top Threats From the FBI’s 2023 Cybercrime Report and How to Protect Yourself

The FBI’s IC3 Internet Crime Report of 2023 indicates the following cybercrimes as the top threats in terms of their cost. The number in brackets signifies the crime’s ranking in terms of how frequently it was reported to FBI law enforcement in 2023.

1. Investment (5)
2. BEC (7)
3. Tech Support (6)
4. Personal Data Breach (2)
5. Confidence/Romance (9)
6. Data Breach (19)
7. Government Impersonation (11)
8. Non-Payment/Non-Delivery (3)
9. Credit Card/Check Fraud (12)
10. Real Estate (14)

We looked at the cost of each crime in the US as well as the number of complaints to put together this list of not only the most common cybercrimes but also those that do the most damage.

In addition to financial costs, there’s also inconvenience and reputational harm to consider for individual users and businesses. In the case of romantic cybercrimes, we can add emotional trauma to the list.

The keys to protecting ourselves against social engineering, phishing, and other computer crimes are as follows:

• Appreciate the risks of cybercrime
• Understand the motivation of cybercriminals
• Understand the top cyber threats
• Adopt good cyber hygiene to avoid being a victim or limit the damage of computer crime

The Risk of Cybercrime

The first thing to understand about cybercrime is that it’s a big business. Worldwide estimates say that cybercrime currently costs us over $10 trillion per year.

To very briefly put all those zeros ($10,000,000,000,000) into context, consider that:

• A million seconds is 12 days.
• A billion seconds is 31 years.
• A trillion seconds is 31,688 years.

The FBI Internet Crime Complaint Center (IC3) report admits that its complaints figures are conservative compared to the true impact of cybercrime. When they busted the Hive ransomware group, for example, they discovered that only 1 in 5 victims had reported the crime to law enforcement.

That said, the IC3 registered more than 880,000 complaints from the US public in 2023, with estimated losses of around $12.5 billion. Compare that with fewer than 470,000 complaints in 2019, which accounted for a comparatively low $3.5 billion in losses.

The best thing you can do to reduce your risk of cyber threats is learn about the problem and take straightforward, accessible steps to prevent yourself from being a victim of malicious activity online.

Understanding Cybercriminals

Here are the main points to consider when it comes to understanding cybercriminals: their motivations, capabilities, and common targets.

Being a Cybercriminal Is a Business

Some cybercriminals work individually. Others go to offices and work in teams. Some are amateurs or opportunists. Many others, however, are dedicated, skilled, and resourceful.

Anyone Can Commit Cybercrime

Just as cybersecurity has improved over the years, the trade tools of cybercriminals have also evolved. It’s possible, for example, for an amateur to purchase ransomware as a service on the dark web so they can hold an individual or business to ransom without any coding or technical expertise. An off-the-shelf ransomware attack like this can even come with a helpdesk.

The same applies to distributed denial of service attacks. The dark web can provide access to tools that facilitate this kind of crime, which can bring down a computer or network, a corporation, or even governments.

It’s (Almost) All About the Money

Cybercriminals are not typically interested in you. They’re profit driven. Their targets are vulnerable people or systems that can give them unauthorized access to data, accounts, or the means to extort. It all adds up to the profit motive.

That said, some cybercriminals act as the Robin Hoods of the cyber world. They delight in bringing down multinational corporations for ethical reasons or performing large-scale cyber attacks to demonstrate how unprepared businesses are.

However, the majority of cybercrimes are about money, pure and simple.

Understanding the Most Common Cyber Threats

By staying informed about the latest tactics used by cybercriminals, you can better safeguard your personal information and financial assets. Let’s look closer.

1. Investment

Number of complaints in 2023: 39,570

Total losses: $4,570,275,683

In 2023, investment cybercrimes were the costliest kind of cybercrime tracked by the IC3. Losses from these scams increased 38% to hit $4.57 billion in 2023 from $3.31 billion in 2022. Investment cybercrime was most prominent in the 30-49 age range.

The overwhelming majority of investment scams in 2023 involved the promise of lucrative returns on cryptocurrency.

2. Business E-Mail Compromise (BEC)

Number of complaints in 2023: 21,489

Total losses: $2,946,830,270

BEC led to almost 21,500 complaints and $2.9 billion in reported losses. This sophisticated scam affects businesses and individuals alike and involves a scammer compromising a legitimate business account to conduct an unauthorized fund transfer. They often request significant sums of money from third-party payment platforms before taking it and running.

The best defense against these attacks is to employ cyber hygiene practices as described in the next section, including multi-factor authentication, verifying email addresses, and not clicking suspicious links.

3. Tech Support

Number of complaints in 2023: 37,560

Total losses: $924,512,658

Well over half of tech support cybercrime incidents reported to the IC3 were reported by elderly people. There were 13,633 complaints to the IC3 in 2019 compared with 37,560 in 2023, so it’s worth keeping an eye out for this increasingly common crime.

Victims are tricked into believing they need urgent repairs to their devices. Having gained remote access to the device, the scammer steals sensitive information or demands money for services not rendered.

4. Personal Data Breach

Number of complaints in 2023: 55,851

Total losses: $744,219,879

Personal information includes details like your address, gender, social security number, and credit card numbers. If a cybercriminal attacks security networks and has the opportunity to read, steal, delete, or modify such confidential information, this is considered a personal data breach.

The stolen data may be sold on the dark web and used for fraud, leading to significant financial and reputational harm.

5. Confidence/Romance

Number of complaints in 2023: 17,823

Total losses: $652,544,805

In a confidence or romance scam, victims are manipulated into thinking that they are friends or romantic partners with someone only to be tricked into disclosing personal information or transferring funds to the criminal.

To avoid these attacks, be cautious about posting information online and research the identities of people you meet.

6. Data Breach

Number of complaints in 2023: 3,727

Total losses: $534,397,222

This is a broader term than a personal data breach. It doesn’t only cover the compromise of personal information, but also a violation or potential violation of an organization, privacy, security, and legislation.

These breaches can result in widespread identity theft, financial loss, and legal consequences for the affected organization.

7. Government Impersonation

Number of complaints in 2023: 14,190

Total losses: $394,050,518

Government impersonation takes place when a scammer pretends to be contacting you from a government agency. They typically use government branding to establish trust, and the tried-and-tested tools of urgency and fear elicit a quick response, often in the form of a quick transaction of funds.

To defend against these attacks, double-check the spelling and grammar as well as the identity of the sender; don’t be in a hurry to respond.

8. Non-Payment/Non-Delivery

Number of complaints in 2023: 50,523

Total losses: $309,648,416

Here’s where you provide goods or services, but you don’t receive payment, or you pay for goods or services, but they don’t arrive. While this kind of scam can occur at any time, it’s more prevalent during the holiday season.

To beat such attacks, don’t click suspicious links on websites or those you receive via email as they could run malicious code.

Double-check the company identity with online reviews or Better Business Bureau ratings, verify contact information, check URLs, and only pay by credit card.

9. Credit Card/Check Fraud

Number of complaints in 2023: 13,718

Total losses: $173,627,614

This kind of fraud is an umbrella term for fraud involving a check or credit card as a fraudulent source of funds. It’s perpetrated in several ways: stealing physical cards or checks, skimming card information, or using phishing techniques to obtain card details online.

10. Real Estate

Number of complaints in 2023: 9,521

Total losses: $145,243,348

This costly attack involves the loss of funds due to fraud pertaining to real estate, a rental property, or a timeshare. Scammers trick people into transferring funds for fake deals. They may be convinced to make large payments upfront, only to discover that the property doesn’t exist or is owned by someone else.

Significant Mention: Other

Understand phishing attempts and spoofing. According to IC3 statistics, phishing attempts have enduring popularity among cybercriminals, with about 300,000 complaints per year over the last few years.

Ransomware attacks continue to be a significant cyber threat, although they didn’t appear in the top 10 cyber threats reported to the IC3 in 2023. This type of malware blocks access to a computer system or encrypts data until a ransom is paid.

Cybercriminals often target critical infrastructure sectors, including healthcare, critical manufacturing, government facilities, IT, and financial services.

Nonetheless, this type of attack can affect any sector and any size of business, resulting in reputational harm, loss of earnings, and even fatal harm to businesses due to destroyed critical data, lost time, and the cost of recovery from such an attack.

Cyber Hygiene: Protecting Yourself Against the Most Common Cybercrimes

Cyber hygiene consists of good practices that can be employed to keep your personal information and your computer networks safe from hackers and other cybercriminals. Good practices can keep you safe from the most frequently-observed cyber crimes as listed in this post.

Physical Security

People often forget physical security threats when considering how to protect computer networks, so prioritize this method of defending your sensitive data. Physical security measures include keeping devices on your person and not leaving them out of sight, storing hard drives behind locked doors, insisting on ID badges or cards to access secure areas, or using CCTV to monitor them.

Strong Passwords

A strong password tends to have 9 or more characters because longer passwords tend to be harder to crack. These characters should consist of a combination of upper and lowercase characters, numbers, and symbols.

Multi-Factor Authentication

Demanding more than one form of ID prevents 99% of cybercrime. Multi-factor authentication occurs, for example, when you’re asked for your password and a one-time, time-limited password is sent to your device.

Virus Checker

Cybercriminals use cutting-edge technology and known security weaknesses to gain unauthorized access to sensitive data. Installing and maintaining anti-virus software keeps devices up-to-date, protecting an operating system, information security networks, and data within from various attacks.

Many also come with the ability to monitor personal data for breaches, reducing the risk from phishing and minimizing the risk of identity theft.

Firewall

A firewall monitors everything being sent from and to a device. It’s an essential piece of software that will protect sensitive information in real time. Even a form on a fake website can lead to the download of malware, so a firewall is essential to monitor this kind of threat.

Education/Awareness

Being able to stop suspicious activity and knowing how to react can dramatically help protect sensitive data.

• Check for poor grammar and spelling as these are signs of spam and fraudulent emails.
• Be wary of a tone of urgency used to inspire fear.
• Beware of requests for payment details by email.
• Businesses rarely demand money by bitcoin or wire transfer.
• Government organizations are unlikely to contact people via social media.
• Check URLs and email addresses to see if they’re misspelled or entirely fake.
• Use Nuwber’s email search service to verify unknown senders’ identities when an email seems suspicious.
• Don’t click suspicious links — just clicking a bogus link can download malicious software to your device.

Preventing Potential Attacks

As social engineering techniques become increasingly sophisticated and hacking technology advances, awareness is key to protecting data from malicious cyber activity. If in doubt, check the identity of people attempting to communicate or perform transactions with you. Only perform a transaction with a trusted source.

If you do fall victim to cybercrime, remember to report the incident. There are several avenues available:

1. FBI’s Internet Crime Complaint Center at https://www.ic3.gov
2. Federal Trade Commission at https://reportfraud.ftc.gov/
3. Your Local Police Department

Reporting helps law enforcement agencies share intelligence to protect confidential information like customer data, intellectual property, and personal information.

FAQ

What are the 10 most common types of cyber attacks?

According to The FBI’s IC3 Internet Crime Report of 2023, the 10 most common (frequently reported) cyber attacks are:

1. Phishing/Spoofing — 298,878 complaints
2. Personal Data Breach — 55,851 complaints
3. Non-Payment/Non-Delivery — 50,523 complaints
4. Extortion — 48,223 complaints
5. Investment — 39,570 complaints
6. Tech Support — 37,560 complaints
7. BEC — 21,489 complaints
8. Identity Theft — 19,778 complaints
9. Confidence/Romance — 17,823 complaints
10. Employment — 15,443 complaints

What are the top 5 cyber crime cases in the US?

The top 5 cyber crime cases in the US are:

• The Russian hacking of a US bank: A sophisticated cyber attack attributed to Russian hackers, targeting a major US bank to steal sensitive information and disrupt financial services.
• The dismantling of a 2-million-computer Botnet: A massive cyber operation that took down a botnet consisting of over 2 million compromised computers used for large-scale cybercrime activities.
• The Melissa Virus: One of the very first and most better-known email viruses, spreading rapidly in 1999 by sending itself to the first 50 contacts in a user’s email address book.
• Operation Shrouded Horizon: An extensive law enforcement operation resulted in the dismantling of the underground cybercrime forum “Darkode,” responsible for a wide range of illicit activities, including selling hacking tools.
• The Morris Worm: Released in 1988, the Morris Worm was among the first computer worms distributed via the internet, which caused significant disruption to thousands of computers, putting into the public eye cybersecurity issues.

What steps can I take to protect my personal information from cybercriminals?

You can protect your personal information by using strong, unique passwords for different accounts, turning on multi-factor authentication, regularly updating your software, and being vigilant about sharing personal details online.

Make sure to validate whoever is asking for sensitive information and never click links from unknown sources or suspicious emails.

How can businesses safeguard themselves against Business Email Compromise (BEC) scams?

Businesses can safeguard against BEC scams by implementing strict email verification processes, conducting training that enables employees to identify phishing e-mails, investing in advanced email security solutions, and laying down clear policies on all financial transactions.

Related Posts