28 Jun Summary Analysis: FBI’s 2020 Internet Crime Report
Jonathan L. | Intern
Cybercrime on the Rise
With recent attacks against Colonial Pipeline and a major American meat processor, cyber threats are once again at the forefront of the national news cycle. However, cybercriminal activity extends far beyond the headlines. The Federal Bureau of Investigation is the lead law enforcement agency for investigating cybercrimes and intrusions. As a part of this mission, the FBI began releasing its annual Internet Crime Reportin 2001. The 2020 Internet Crime Report, released in March, details significant rises in cybercrime, monetary losses, and sophistication of attacks in 2019.
Source: FBI, 2020 Internet Crime Report
While cybercrime has been increasing steadily in recent years, 2020 witnessed an alarming spike in malicious activity. According to the Bureau, reported cybercrimes jumped roughly 69% from 2019. This increase in individual crimes also brought a surge in total losses to the tune of $4.2 billion, a 20% increase from 2019. Variation exists between the most common and the most expensive forms of cybercrime. Phishing, non-payment, and extortion crimes represented the three most common forms of cybercrime while business email compromise (BEC), confidence/romance fraud, and investment crimes proved most costly. BEC alone accounted for over $1.8 billion in losses, more than three times that of any other category.
What is Business Email Compromise (BEC)?
BEC attacks are targeted and highly nuanced scams to authorize illegitimate transfers of funds. While BEC attacks can occasionally target individuals (sometimes referred to as an “email account compromise”), the most common and costly iteration of this cybercrime technique targets unsuspecting company employees. By hacking or impersonating the email of a manager or executive, perpetrators attempt to transfer company funds to fraudulent external accounts. According to the FBI’s report, the complexity of this scam technique has expanded over time to include compromise of personal emails, vendor emails, and even spoofed lawyer email accounts.
Age and Cyber Vulnerability
The FBI further categorized its cybercrime data by age group. Ages 30 through 59 suffered similar amounts of cybercrime and monetary loss. In contrast, the 30 and under age block saw the lowest counts in both categories. Individuals 60 and older had the highest propensity of falling victim to cybercrime and suffered the highest total monetary losses. A recent Aspen Institute study also found evidence of cybercriminals disproportionately targeting elderly Americans. This is likely due to the higher vulnerability of older individuals less acquainted with digital technology than their younger, tech-savvy counterparts. However, the FBI does not require age disclosure when submitting a cybercrime report, and therefore age data may be partially incomplete.
Incidents by State
The report also examined cybercrime data by state, with California, Florida, Texas, New York, and Illinois experiencing the most reported total cybercrimes. Total resulting monetary losses followed a similar pattern with California, New York, Texas, Florida, and Ohio claiming the top five spots. After adjusting for population size, the data tells somewhat of a different story.
In terms of victims per capita: Nevada, the District of Columbia, Iowa, Alaska, and Florida hold the top five spots. For per capita monetary losses: North Dakota, the District of Columbia, New York, Missouri, and Colorado saw the highest costs.
Source: FBI, 2020 Internet Crime Report
The United States reported the most incidents of cybercrime in 2020 by an overwhelming margin—more than three times that of the next highest nation. Afer the U.S., the United Kingdom, Canada, India, Greece, and Australia reported the most cybercrime. It remains unclear from the data how much of the separation between U.S. and other countries is due to differences in reporting practices.
Cybercrime and COVID-19
The rising cybercrime documented in the report is likely related to increased internet traffic brought on by the COVID-19 pandemic. Overall web volume swelled dramatically during the global lockdowns, with some estimates putting the jump as high as 70%. As internet traffic increased so too did cybercriminal activity, with total cybercrimes up 69% around the same period. With the increasing pervasiveness of digital transactions, more individuals world-wide—and particularly in the United Sates—could be at risk of becoming victims. Cybercrime sophistication also appears to be on the rise. The days of simplistic “Nigerian prince” email phishing scams may be waning as a number of recent attacks showcased striking levels of specialization. For example, 2020 saw a rash of cyber scams specifically targeting the Coronavirus Aid, Relief, and Economic Security (CARES) Act stimulus payouts as well as Paycheck Protection Program (PPP) loans. Victims in multiple states also reported fraudulent online COVID-related unemployment filings in their name. The damage of these and similar claims was two-fold: not only did the cybercriminals defraud the U.S. government, but victims were also delayed or barred entirely from accessing crucial benefits.
The Dangers of Ransomware
The FBI Computer Crime Center reported ransomware-related losses of roughly $29.1 million in 2020. In comparison to other types of cybercrime listed by the FBI, this number stands relatively low. However, due to the increasing use of this attack method against high-profile targets, the FBI’s report specifically highlights the dangers of ransomware. Some attacks of note include the hacking of Sony Pictures Entertainment in 2014 as well as the aforementioned attacks on global meat processors and Colonial Pipeline in early 2021. Ransomware hacks begin with the instillation of malware, a malicious form of software, onto a victim’s computer system. This infiltration can take many forms: malicious email links, stolen user credentials, or even uploads via USB drives. Once in place, ransomware encrypts user data and renders the system inoperative. After the data is locked, criminal actors hold the data hostage until some form of ransom is paid—often in the form of cryptocurrency. Should a victim refuse to pay ransom the cybercriminal may threaten to delete or publicly leak the data in question.
Origins of Future Threats
The FBI’s report left a key area open to further research. Notably, the data does not include nation of origin information. In light of this, it remains unclear as to whether the majority of perpetrators reside in foreign nations or inside the United States. Experts have long warned of the cybercrime threat stemming from several American adversaries, particularly Russia and China. While the Bureau could not prosecute most foreign cybercriminals, the U.S. could attempt to name and shame offender nations. This sort of political pressure may incentivize other countries to strengthen their domestic cyber law enforcement practices. However, due to the illusive nature of criminals operating in the digital domain, such detailed data may be difficult or impossible to compile.
The digital world is here to stay—and growing rapidly. As cyberspace expands, so too does the potential for malicious internet activity. With the volume and complexity of cybercrimes on the rise, individuals should use diligence and adhere to the FBI’s official Simple Steps for Internet Safety when navigating online.
2020 U.S. Cyber Victims by State*
|Rank||State||Victims Per Capita (100,000)|
|2||District of Columbia||302.1|
2020 U.S. Cyber Losses by State*
|Rank||State||Losses Per Capita (100,000)|
|1||North Dakota||$ 3,386,199.55|
|2||District of Columbia||$ 2,684,059.35|
|3||New York||$ 2,137,464.28|
|16||New Mexico||$ 1,139,987.76|
|17||New Jersey||$ 1,111,517.01|
|29||Rhode Island||$ 723,990.22|
|33||North Carolina||$ 661,790.58|
|47||South Carolina||$ 490,316.18|
|48||New Hampshire||$ 363,996.17|
|49||South Dakota||$ 362,652.84|
|51||West Virginia||$ 269,162.41|