{"id":15165,"date":"2019-04-24T09:10:06","date_gmt":"2019-04-24T17:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/04\/24\/news-8914\/"},"modified":"2019-04-24T09:10:06","modified_gmt":"2019-04-24T17:10:06","slug":"news-8914","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/04\/24\/news-8914\/","title":{"rendered":"A look inside the FBI&#8217;s 2018 IC3 online crime report"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 24 Apr 2019 15:57:07 +0000<\/strong><\/p>\n<p>The FBI\u2019s Internet Crime Complaint Center have released their annual Crime Report, with the most recent release focusing on 2018. While the contents may not surprise, it definitely cements some of the bigger threats to consumers and businesses\u2014and not all of them are particularly high tech. Sometimes less is most definitely more.<\/p>\n<h3>What is the Internet Crime Complaint Center?<\/h3>\n<p>Good question. For those not in the know, it\u2019s the FBI\u2019s way of allowing you to <a href=\"https:\/\/www.ic3.gov\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">file a complaint about<span class=\"Apple-converted-space\">\u00a0<\/span>a computer crime<\/a>. If the victim or alleged perpetrator are located in the US, you can file. The information is then handed to trained analysts who distribute the data as appropriate.<\/p>\n<p>They eventually take all that information and turn it into a report. There\u2019s a fair bit in there to chew on\u2014<a href=\"https:\/\/www.ic3.gov\/media\/annualreport\/2018_IC3Report.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">here\u2019s the report<\/a>, in PDF format\u2014but there are some prominent themes on display. Shall we take a look at what\u2019s hot?<\/p>\n<h3>Business Email Compromise (BEC)<\/h3>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/glossary\/business-email-compromise-bec\/\" target=\"_blank\" rel=\"noopener noreferrer\">Business Email Compromise<\/a> is something we mention on here fairly regularly. Someone usually pretends to be the CEO of an organisation, and attempts to pull off a wire transfer via someone else in finance. Cash is often routed through Hong Kong where wires are common, so as not to attract attention.<span class=\"Apple-converted-space\">\u00a0<\/span><\/p>\n<p>It\u2019s a straightforward attack, low risk, small overheads, and if you fire enough out, eventually someone will bite. You only need one successful attack to <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/11\/business-email-compromise-scam-costs-pathe-21-5-million\/\">walk away with millions<\/a>.<\/p>\n<p>In 2018, IC3:<\/p>\n<ul>\n<li>Received just over 20,000 reports of BEC attacks<\/li>\n<li>Declared adjusted losses of over $1.2 billion<\/li>\n<\/ul>\n<p>Those are big numbers, but even bigger when you consider BEC reports the year before were 15,000, and adjusted losses were $675 million. One slightly peculiar twist to the usual \u201csteal your money\u201d approach is this:<\/p>\n<blockquote>\n<p><em>In 2018, the IC3 received an increase in the number of BEC\/EAC complaints requesting victims\u00a0purchase gift cards. The victims received a spoofed email, a spoofed phone call or a spoofed text\u00a0from a person in authority requesting the victim purchase multiple gift cards for either personal\u00a0or business reasons.<\/em><\/p>\n<\/blockquote>\n<p>Not quite as glamorous as Hong Kong wires, and in all honesty it sounds faintly ludicrous at first viewing, but it&#8217;s definitely working for somebody.<\/p>\n<h3>Payroll diversion<\/h3>\n<p>This is an interesting twist on the BEC scams. The attackers don\u2019t waste time pretending to be CEOs. Instead, they go for logins tied to payroll processing systems. Once they\u2019re in, they change the account information and the money is diverted to somewhere controlled by the hacker. They\u2019ll also hide warnings to admins, which would\u2019ve alerted them to deposit information changes. The money will then typically be sent to a<span class=\"Apple-converted-space\">\u00a0 <\/span>prepaid card\u2014yes, prepaid cards are flavour of the month (year?) this time around. From the report:<\/p>\n<blockquote>\n<p><em>Institutions most affected by this scam have been education, healthcare, and commercial airway transportation.<\/em><\/p>\n<\/blockquote>\n<p>From just one hundred complaints, there was a combined reported loss of $100 million dollars. This is frankly astonishing. Phishing can truly be devastating in the right hands.<\/p>\n<h3>Tech support fraud<\/h3>\n<p>Tech support scams feel as though they\u2019ve been around forever, and they\u2019re busy cementing their place in the top three table of awful things. The 2018 tally for these antics weigh in at 14,000 complaints from victims scattered across 48 countries. The losses almost hit $39 million, representing a 161 percent rise from the previous year. Most of the victims are over 60, which fits the general M.O. of going after older targets who may not be aware of the latest happenings in fraud land.<\/p>\n<p>The full report covers topics such as top states divided by both number of victims and victim losses, breakdowns on target age groups, crime types, assets recovered, and much more.<\/p>\n<p>One thing\u2019s for sure: with over 900 complaints a day, roughly 300,000 complaints received per year on average, and something in the region of $2.71 billion in losses accounted for in 2018, online crime isn\u2019t going away anytime soon.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/a-look-inside-the-fbis-2018-ic3-online-crime-report\/\">A look inside the FBI&#8217;s 2018 IC3 online crime report<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/a-look-inside-the-fbis-2018-ic3-online-crime-report\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 24 Apr 2019 15:57:07 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/a-look-inside-the-fbis-2018-ic3-online-crime-report\/' title='A look inside the FBI's 2018 IC3 online crime report'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/04\/shutterstock_552746107.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>The FBI&#8217;s Internet Crime Complaint Center have released their 2018 report about online crime. Which attacks are most popular? Where are the victims located? And how much money has been lost in the process?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/social-engineering-cybercrime\/\" rel=\"category tag\">Social engineering<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/bec\/\" rel=\"tag\">bec<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fbi\/\" rel=\"tag\">fbi<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fraud\/\" rel=\"tag\">fraud<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/phishing\/\" rel=\"tag\">phishing<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/report\/\" rel=\"tag\">report<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/a-look-inside-the-fbis-2018-ic3-online-crime-report\/' title='A look inside the FBI's 2018 IC3 online crime report'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/a-look-inside-the-fbis-2018-ic3-online-crime-report\/\">A look inside the FBI&#8217;s 2018 IC3 online crime report<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[14347,4503,6627,9751,3924,11531,10510],"class_list":["post-15165","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-bec","tag-cybercrime","tag-fbi","tag-fraud","tag-phishing","tag-report","tag-social-engineering"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15165"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15165\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15165"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}