Hello friends,
Today I’m giving you a quick look at what’s in the FBI’s 2021 cybercrime report - what they found, and what we can learn from it.
Understanding what cybercriminals are up to is an important way for us to know how we can protect ourselves online - finding out what works and what doesn’t work for them tells us what we can expect to come our way in the future (in all likelihood the cybercriminals are reading this report and taking notes as well - we shouldn’t let them be too many steps ahead, should we?).
Let’s begin then.
Each year the FBI releases a cybercrime report covering Internet criminal activity in the United States for the previous year.
But what if I’m not a US citizen or resident? Well, you should keep reading anyway. As the recent leaks from the Conti ransomware gang showed, cybercrime is an international affair, and once their methods become public you can bet that groups in your area will try to emulate their success, so these aren’t things that only Carolina will ever know.
Some key takeaways:
Cybercrime is a billion-dollar business in the US, and growing.
Almost 7 Billion dollars, actually.
What I want to highlight here is the fact that this graph might paint an imperfect picture of what the biggest threat actually is.
The most lucrative line item on the list is BEC (Business Email Compromise). It makes sense for hackers to target businesses, since these have much more money on hand than the average person and have a financial incentive to pay off the hackers, fix their security issues and go back to doing business.
However, the other items on the list are primarily scams directed at everyday people (be it Romance, Real Estate, Tech Support or Investment scams). If you add those numbers together, you’ll see that these scams have extracted more money from everyday people than BEC has from businesses.
Conclusion:
Be wary of scams! Whenever somebody asks you for money online, do your due diligence and use established transfer services (that require ID to be verified).
Oh! And a good rule of thumb to remember: if it sounds too good to be true, it probably is.
Cybercrime is growing FAST.
Not a lot to say here, picture speaks for itself.
Conclusion:
Internet criminal activity brings a lot of revenue potential for interested parties. Criminals will not be leaving this money on the table, so we can reasonably expect to see continued growth.
Phishing is the best performing scam.
Hackers have seen by far the best returns from Phishing attacks.
Phishing is a malicious message in which a hacker assumes the identity of a trusted party (like your bank, for example) and then asks you to perform an action that discloses personal information (like handing over your bank log-in credentials, for example).
Phishing attacks are relatively easy to pull off and, because they provide a very good return on investment for hackers, they are likely to become more prominent and more sophisticated.
Conclusion: This one you probably already know. Be cautious when receiving communication from banks or any institution that deals with money. Don’t click on shady links (or scan shady QR codes).
Some communication is legitimate, of course, so you can double-check whatever communication you receive by contacting the institution in question yourself using the contact information on their official website.
Furthermore, it’s a good idea to set up multi-factor authentication wherever you can. If the bad guys get their hands on your password (you can read my advice on how to create a password here), your account will still be safe if they also need a second authentication factor (such as a unique code, face ID, etc.).
Sextortion and Romance Scams.
This one seems notable to me because it’s very sensitive.
Couple of points here:
Older folks are most likely to be victims of Romance/Confidence scams.
Sextortion is a growing vector.
Sextortion, if it’s not obvious, means “pay me $ or I will leak your nudes”.
FBI saw more than 18.000 cases in 2021. Real number is probably higher because … well … you know why.
And from the partial report we can get a look at who the most likely victims are.
Conclusion:
Careful with your nudes, my dudes! (I consider ‘dude’ to be a non-gendered term, btw).
How to handle sending spicy pictures of yourself to another consenting adult is a topic that deserves its own post, so for now I leave you with this:
a) Get consent.
b) Only send to known and trusted parties.
There’s more in the report, but these were my key takeaways. It’s not a long read and I strongly urge you to read it when you get a chance.
If not, remember to subscribe to my Substack for free so you don’t miss my highlights next year.
As always, stay safe and sound.
CCS
This post really shocked me with the amount of money that is lost in a year due to poor cybersecurity. The amount that shocked me the most was confidence fraud/romance scams. Although I am aware of this threat, I didn't realize how many people are affected by this scam. The amount of $956,039,740 is a crazy amount of money that is lost due to that scam. One that also shocked me is Business Email Compromise. I would assume that since these businesses have so much money, they would have the most protection to prevent cyber crimes, but clearly they are still affected by it no matter how much money they have.