The FBI has received a total of more than four million Internet crime complaints from users since the year 2000.
According to its Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, the Bureau received its four millionth Internet crime complaint on 12 October 2017. Users submitted tens of thousands of additional reports in the first five months of 2018. As of 7 May 2018, this activity increased the total number of complaints collected by the IC3 since its founding in 2000 to 4,063,933 at an average of 284,000 per year or more than 800 per day.
2017 surpassed those averages. Over the course of the year, the FBI acquired 301,580 complaints. Reported losses stemming from those filings exceeded $1.4 billion.
Breaking down those figures, some crime types were more costly than others. Business email compromise (BEC) scams, for example, led the pack at $676,151,185. In so doing, it was more expensive than the six crime types that followed: confidence fraud/romance ($211,382,989), non-payment/non-delivery ($141,110,441), investment ($96,844,144), personal data breach ($77,134,865), identity theft ($66,815,298) and corporate data breach ($60,942,306).
Those crime types also varied in the number of victims they claimed. Non-payment/non-delivery, instances where goods are shipped out but never paid for or where payment is received but goods and services aren’t delivered, ranked on top at 84,079 victims. It was followed by personal data breach and the most common types of phishing (including vishing, smishing and pharming) at 30,904 and 25,344, respectively.
The FBI received 90 percent more filings of tech support fraud in 2017 than it did the previous year. Over the same period, it received 1,783 complaints of ransomware, which was down from 2,673 in 2016.
The Bureau re-articulated its stance in the report that organizations should never fulfill ransomware attackers’ demands:
The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved.
Given that perspective, users and organizations alike should instead take steps to prevent a ransomware infection as well as to detect BEC scams and other threats.