New statistics from the FBI show that more than 847,000 complaints of suspected internet-based crime were made in the past year. Credit: Dimitris66 / Getty Images A new report released by the FBI’s Internet Crime Complaint Center (IC3) shows that financial losses due to suspected cybercrime continued to rise sharply over the course of 2021, to a total of $6.9 billion in that year alone, with 847,000 complaints lodged by victims.Five years ago, the same report showed that internet-based crime accounted for $1.4 billion, on 301,580 complaints. The sharpest and most consistent growth was seen in the area of phishing and other types of credential-based attacks, which rose from about 25,000 incidents in 2017 to nearly 324,000 in 2021.By value, the FBI said, the most damaging internet-based crime in 2021 was business email compromise — the IC3 said that nearly 20,000 complaints about email compromises were received in 2021, and placed total adjusted losses at almost $2.4 billion. This type of scam has evolved considerably from its roots in faked emails and fraudulent wire payment transactions, according to the report. “Now, fraudsters are using virtual meeting platforms to hack emails and spoof business leaders’ credentials to initiate the fraudulent wire transfers,” according to the FBI report. “These fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts more difficult.” These attacks can be highly sophisticated, according to the report. When a CEO or CFO’s email is compromised, hackers can use it to invite employees to a video conference. While in the meeting, the attacker uses a deepfake of the executive’s voice, perhaps coupled with a claim that the video isn’t working, to instruct employees to transfer funds, or even just use the email address to send those fraudulent instructions directly.COVID-19, clearly, gave this type of attack much more traction by causing an explosion in the use of teleconferencing of various kinds, and the fact that those business practices haven’t gone away even in the face of the pandemic’s lessening severity means that attacks targeting virtual meetings are likely to stick around, as well. The FBI also issued guidance for victims of email compromise attacks, namely to immediately contact originating financial institutions to request a reversal and a Hold Harmless letter, file a complaint with IC3, and to avoid making any kind of payment change without verifying on the intended recipient’s end.On a state-by-state level, the hardest-hit U.S. jurisdiction in 2021 was California, with a reported $1.2 billion in losses. Second place was held by Texas with $606 million, and New York was in third place at $559 million. Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security feature Cyber resilience: A business imperative CISOs must get right With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security. By Andrada Fiscutean May 16, 2024 12 mins Regulation Incident Response Supply Chain PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe