Every year, the FBI receives reports of internet-facilitated criminal activity through its Internet Crime Complaint Center (IC3). The FBI distills the information from these complaints into the annual FBI Internet Crime Report (ICR).

But if you’re not a federal agent or a victim of cybercrime, should you care about the ICR? The short answer: yes! The report contains valuable learnings for businesses and consumers alike. I’ve looked at it through the lens of a trust and safety expert and former fraud fighter. Here are three takeaways from this year’s ICR.

1. Online crime is costlier for victims than ever.

Since the IC3 was established in 2000, cybercrime victims have reported over 3 million incidents to the FBI. On average, the IC3 receives about 280,000 complaints per year. But that average hasn’t changed since the IC3’s inception. Online fraud and abuse – or at least reported online fraud and abuse – remains relatively constant.

What has changed, however, is the amount that victims are losing to online crime. Victims’ aggregated losses in 2012 totaled $525 million, compared to $1.4 billion in losses in 2016 alone. Cybercriminals target their victims with greater sophistication and efficiency than ever before, and when they win, they win big.

Source: FBI Internet Crime Report 2016

2. Victims aren’t reporting online crime.

Although the FBI receives just a few hundred thousand crime reports each year, one in 10 people is a victim of online crime. That means online fraud and abuse are systematically underreported. When I worked on Facebook’s global anti-spam team, I learned that people often fail to report online fraud and abuse simply because they don’t know it’s an option. Because of underreporting, Facebook sometimes got an incomplete picture of our fraud. I suspect the same is true for the FBI.

To get a better picture of online fraud and abuse, companies like Facebook and institutions like the FBI must prioritize outreach. Unless victims report incidents of cybercrime, people will continue to be taken in by online scams. Even worse, the FBI and the businesses it works with to fight online fraud may find themselves a few steps behind savvy fraudsters.

3. Fraudsters continue to target businesses.

The FBI continued to see a steady increase in fraud targeting businesses rather than individual users. In particular, it saw a sharp rise in business email compromise (BEC) last year. BEC is a scam targeting businesses that regularly make wire transfer payments. To commit BEC, a fraudster uses social engineering or computer intrusion techniques to gain control of a business email account. Once they’ve accessed a business’s email account, the fraudsters will email victims to request money transfers, employees’ W-2 forms, and more. B2B companies were frequent targets: once fraudsters gained control of the business’s email account, they could also steal personal information from the business’s customers.

Last year, the IC3 received 12,005 BEC complaints. How much did these businesses lose? In total, over $360 million. It is worth repeating that these are only the businesses that reported these crimes. There are also numerous cases that aren’t even on the FBI’s radar.


Kevin Lee

Kevin is the Trust and Safety Architect at Sift Science. Building high-performing teams and systems to combat malicious behavior is what drives him. Prior to Sift, Kevin worked as a manager at Facebook, Square, and Google in various risk, spam, and trust and safety roles.