Ransomware, tech-support scams or email fraud: Which cybercrimes cost victims most?

Not all online crimes are equal in their impact.
Written by Steve Ranger, Global News Director

Video: Cryptocurrency-mining malware is targeting IoT devices: Is it worth it?

The FBI has released a report listing the most complained about and most costly internet-related crimes.

The report is compiled from 301,580 consumer complaints of suspected criminal internet activity filed with the agency's Internet Crime Complaint Center (IC3) in 2017. For the year, total reported losses to internet crime stood at $1.41bn -- slightly down on the $1.45bn reported in 2016.

See: 17 tips for protecting Windows computers and Macs from ransomware (free PDF)

The internet crime most complained about involves goods or services that were either delivered by the victim but not paid for by the crooks, or paid for by the victim but never received.

Second on the list are breaches of personal data; third come phishing emails, texts or calls apparently from legitimate companies or contacts requesting personal, financial or login details -- often the first step towards other criminal acts.

But the most costly internet crime according to the figures is business email compromise, the scam that targets firms working with foreign suppliers, or simply ones that regularly perform wire-transfer payments.

The FBI said these scams have continued to evolve over the past few years. The classic version sees crooks hacking or faking the email accounts of a company's CEO or CFO and then sending a bogus email to staff, requesting wire payments be sent to accounts controlled by the fraudsters.

But it's not just about money. Crooks have also used fake emails to demand personally identifiable information or wage and tax statements.

The FBI said in 2017, the real-estate sector was heavily targeted, with many victims reporting losses during real-estate transactions. These frauds accounted for $676m in losses, according to the FBI report, ahead of confidence/romance fraud in second place on $211m, and non-payment/non-delivery frauds in third place at $141m.

See: What is phishing? How to protect yourself from scam emails and more

Perhaps surprisingly, other internet menaces don't rank particularly highly in terms of the financial damage caused.

In 2017, the IC3 received 1,783 complaints identified as ransomware with losses of over $2.3m, actually down from the figure of $2.4m in 2016.

Indeed, this seems like a low number considering the damage done by WannaCry and other ransomware attacks last year and perhaps reflects that many of the IC3 reports come from consumers, as the worldwide losses to business from destructive ransomware in 2017 could run into billions.

The report said the FBI does not support paying a ransom in these cases because doing so does not guarantee an organization will regain access to its data, while paying up emboldens the crooks to target others and makes for a lucrative business that attracts other criminals.

However, it noted: "While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."

Tech-support scams are also rising rapidly, though from a low base. In 2017, the IC3 received 10,949 complaints related to tech-support fraud. The claimed losses amounted to nearly $15m, which represented a near doubling of the 2016 figure.

Previous and related coverage

Evidence of stingrays found in Washington, DC, Homeland Security says

The malicious use of the cellular communications devices is a "real and growing risk," a federal official told a US senator.

Windows warning: Tech-support scammers are ramping up attacks, says Microsoft

Windows 10 security won't protect you from tech-support scammers' lies and trickery.

FBI to parents: Beware, your kid's smart toy could be a security risk

The FBI outlines the risks of giving your children a smart toy.

An Internet of Things 'crime harvest' is coming unless security problems are fixed

A senior police officer says IoT manufacturers must be held to account when their products open doors to new ways of committing crimes.

Editorial standards