Americans lost over $4.2 billion to cybercriminals and scammers in 2020, according to FBI figures based on complaints it received.
Over the year, the FBI's Internet Crime Center (IC3) received 791,790 complaints of suspected internet crime, or about 300,000 more than it did in 2019 when the agency recorded estimated losses at more than $3.5 billion.
"In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree," the FBI says in its Internet Crime Report 2020.
SEE: Network security policy (TechRepublic Premium)
Once again, business email compromise (BEC) or email account compromise (EAC) were by far the biggest sources of reported losses, totaling $1.8 billion across 19,369 complaints. That's up slightly from $1.77 billion in reported losses from 23,775 BEC complaints in 2019.
Last year saw a steep rise in BEC complaints stemming from identity theft and funds being converted into cryptocurrency.
The identity theft frequently occurred after a victim provided a form of ID to a tech support scammer or romance scammers. The stolen ID would be used to set up a bank account to receive stolen BEC funds and convert those to a less traceable cryptocurrency, according to IC3.
The technique and switch to cryptocurrency differs from previous years when a senior executive's email address may have been spoofed and used to instruct a subordinate to wire funds to the fraudster's bank account.
The FBI report notes that tech support fraud continues to be a growing problem, but recently victims have complained about criminals posing as customer support for banks, utility companies or virtual currency exchanges.
While the pandemic caused a brief lull in this type of fraud, losses in this category grew to $146 million, or 171% more than losses from 2019. IC3 received 15,421 complaints from victims in 60 countries.
Ransomware is the other threat that won't go away. The IC3 received 2,474 complaints and reported losses of $29.1 million. The report, however, notes that this is an underestimate as it doesn't account for does victim reports made directly to FBI field offices and agents.
"The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim's files will be recovered," the FBI stresses in the report.
The most common type of internet crime type reported to IC3 was phishing (including vishing, smishing, and pharming), with 241,342 complaints. This was more than twice the number of phishing complaints IC3 received in 2019.
Notable rises in reported losses from specific crime types when comparing years (2019 versus 2020) included: confident fraud/romance ($475 million versus $600 million); corporate data breach ($53 million versus $129 million); investment fraud ($222 million versus $336 million); personal data breach ($120 million versus $194 million); ransomware ($8.8 million versus $29 million); and tech support ($54 million versus $146 million).