Criminals continue to find new ways to rip-off people and businesses on the internet.
The FBI’s Internet Crime Compliant Center (IC3) collected more than 269,000 complaints of online scams last year, up 2.5% from the previous year. Losses totaled more than $800 million.
Below, we show some of the biggest types of internet crime last year, as highlighted in IC3’s annual report.
Keep in mind: this data is based on complaints. It’s safe to assume that a huge number of successful scams and losses are never reported.
Internet Scams Hit the Elderly Hardest
People ages 50 and over lose more money than any other age group across all types of “frequently reported” internet crimes in the report.
For example, the charts below compare the demographics and losses in two of the most prevalent types of internet scams: real estate and extortion. As you can see, people over the age of 50 tend to lose a disproportionately large amount of money.
The elderly population has a higher concentration of wealth and often does not possess the same familiarity with online interactions as the younger parts of the population. This makes them popular targets for internet crime.
Romance Scams Run Rampant
Romance and confidence scams were the second most costly internet crime in 2014, according to the IC3 report. They took almost $87 million last year, an average of almost $15,000 per complaint.
These schemes often involve a scammer assuming a fabricated identity and pretending to look for companionship or romance with others online.
The identity is often made to invoke sympathy. It may include family difficulties, poverty, other hardships, or impersonation of military personal. The hope is this will make it easier to solicit money.
Criminals tend to find targets on popular social media platforms, dating websites, and chat rooms. They often look for those that will be more sympathetic to their plight.
The attacker eventually moves in with a prepared script, with the ultimate goal of extracting personal or confidential information, usually to commit credit card fraud.
While romance scams affect many demographic groups, it often disproportionately affects women over the age of 40, who received about 80% of the monetary losses last year.
Business Email Compromises Reign Supreme
Business email scams are one of the largest threats to businesses large and small, with the losses often proving devastating. Victims reported $226 million in losses due to compromised business emails last year.
The targets are often businesses that work with foreign suppliers or businesses that regularly perform wire transfers.
How it happens
Many businesses report having this happen through employee email accounts that were hacked or spoofed. The attackers send an email that requests a change to payment details, switching the destination of the funds to a fraudulent bank overseas.
Needing to create the illusion of communication with trusted business partners, attackers often pair business email scams with romance, lottery, or other scam types. The victims of these secondary attacks can be unwittingly used to help transfer funds to fraudulent banks.
Government impersonation email scams
Another type of popular email scam involves emails that spoof government agencies or high-ranking government officials. About 16 of these complaints a day were received last year with an average $1,450 in losses each.
A large portion of the scams last year spoofed the name of Attorney General Eric Holder and FBI Director James Comey. Tell your users: government agencies do not send unsolicited emails.
Social Media Scams Up 400%
As the popularity of social media has increased, online attackers have also utilized it for more nefarious purposes.
Over the past year, 12% of the complaints submitted to the FBI IC3 involved social media, and these complaints have increased 400% in the last five years.
The FBI details three common methods used by attackers on social media:
- Click-Jacking: This technique allows scammers to hide links under buttons with innocent sounding names such as “like” or “share;” however, when users click on these buttons they unwittingly download malware or send personal information.
- Doxing: This involves an attacker publicly releasing personal information online without authorization from said person.
- Pharming: This attack redirects users that have clicked on a link from legitimate, benevolent websites to fraudulent, malevolent ones. After being redirected, the attacker will often extract confidential data from the victim.
In order to prevent becoming a victim of one of these attacks, the FBI recommends avoiding links or buttons from dubious sources and exercising prudence in posting personal or family information.