The 2023 report from the Internet Crime Complaint Center (IC3) exposes the alarming surge in cybercrime and the immense financial losses suffered by both individuals and organizations.
.png?width=1920&height=1080&name=IC3%20report%20(1).png)
On March 6, 2024, the Internet Crime Complaint Center (IC3), released a report on internet crime in 2023. Run by the Federal Bureau of Investigation (FBI), the IC3 collects complaints on cyber crimes. It uses the information to help law enforcement investigate reported crimes, identify trends, and even freeze stolen funds through its Recovery Asset Team (RAT). The RAT also serves as an intermediary between law enforcement and financial institutions. Each year, the IC3 also creates a report to share important information about crime trends with the public to improve awareness and prevent more crimes in the future.
According to the report, the IC3 has averaged 758,000 complaints annually in the last five years. 2023 exceeded the average, with 880,418 complaints made on cyber crimes that resulted in $12.5 billion in losses. Like previous years, the majority of the complaints were made on phishing crimes, followed by personal data breaches, non-payment/non-delivery, and extortion.
The report calls attention to business email compromise (BEC) cases, investment scams, ransomware, as well as impersonators of tech/customer support or government officials.
BEC complaints, where threat actors infiltrate an organization to fraudulently direct funds transfers to themselves, are historically the most widespread and economically impactful incidents reported to IC3. In 2023, the IC3 received nearly 21,500 BEC complaints, with the adjusted losses exceeding 2.9 billion.
There was a significant increase in investment scams in 2023, with the losses from this type of crime surpassing all other crime types ever tracked by the IC3. From 2022 to 2023, there was a 38% increase in the losses from investment fraud, from $3.31 billion to $4.57 billion, and a 53% increase in losses from cryptocurrency-related schemes between 2022 and 2023 – from $2.57 billion to $3.94 billion – drove the spiraling cost into the top ranking.
Out of the 2,825 reports of ransomware the IC3 received, 42% came from organizations in a critical infrastructure sector. The most targeted were the healthcare and public health sector, critical manufacturing, and government facilities, followed by information technology and financial services. The severity of the attacks on the healthcare industry has caused the Cybersecurity and Infrastructure Security Agency (CISA) to release a sector-specific toolkit and for a cybersecurity strategy to be developed. The top ransomware variant affecting critical infrastructure in 2023 was Lockbit, which was recently disrupted by several law enforcement agencies across the globe.
Over $1.3 billion in losses can be attributed to impersonation fraud, where threat actors pretend to be tech/customer support, or government workers. These actors specifically target older populations, with 40% of the complaints (and 58% of the losses) in this category coming from people over the age of sixty. The use of AI may make impersonation fraud more devastating across all age groups, however. Recently, a finance worker manipulated by deepfake technology paid $25 million to scammers, believing that he was sending it to his CFO.
After the US, the IC3 received the most complaints from the United Kingdom, Canada, India, Nigeria and France. In the US, the five states with the most losses were California, Texas, Florida, New York, and New Jersey.
The Internet Crime Complaint Center's (IC3) 2023 report reveals the alarming increase in cybercrime and the staggering losses incurred by individuals and organizations. Enhanced awareness, education, and proactive strategies are necessary to thwart cybercrime and protect against further financial, emotional, and technological damage.