These are the FBI’s top online crimes
The US Federal Bureau of Investigation has published its annual internet crime report for 2021. We’ve dived in to see which are the biggest threats to watch out for this year.
Although the FBI’s focus is obviously the United States, the report includes international crime and is a valuable sample that represents the threats we see elsewhere in the world, too. The organisation saw 847,376 complaints, reporting financial losses of $6.9 billion due to online scammers and other criminals.
Unsurprisingly, many of the top threats hinge on social engineering attacks, where users are tricked into handing over login credentials or transferring money to scammers. These cons are sometimes elaborate, involving long periods spent befriending their targets or high-tech approaches such as “deep fake” audio, in which a business executive’s voice is imitated through machine learning.
The agency has helpfully analysed the tactics, threat vectors, total losses and trends in internet crime. You can read the full 33-page report in PDF format here. I’ve used that data to put together a list of the online threats you should be looking out for right now.
The top five cybercrime threats
Phishing/Vishing/Smishing/Pharming
We know that phishing is the gathering of personal data by tricking internet users into thinking they’re logging into a legitimate website while their credentials are, in fact, being stolen. Vishing refers to the same tactics being used over the phone, smishing involves SMS messages, and pharming involves creating a fake website to collect credentials and using technical methods, such as using vulnerabilities in individual PCs or entire networks, to direct DNS requests for the real site to the fake.
323,972 attacks of these kinds were reported to the FBI in 2021, with financial losses of $44,213,707.
Non-payment/non-delivery
As online shopping is ubiquitous, especially during a public health crisis, two types of retail fraud appear high up the list. Non-payment fraud is when goods are shipped but never paid for by the customer, while non-delivery is when payment is sent but goods either never appear or are of worse quality than advertised.
82,478 non-payment/non-delivery scams were reported to the FBI in 2021, at a cost of $337,493,071.
Personal data breach
This is when your personal data ends up in either an untrusted environment (such as an online database that no one bothered to set a password or access restrictions for) or a security incident in which a person’s (or, more often, many people’s) confidential data ends up in the hands of an unauthorised individual, such as when a business’s financial transaction records are accessed by a criminal.
51,829 breaches were reported to the FBI, with an associated $517,021,289 in financial losses. We bang on about regularly checking to see if your data was in any breaches and using a password manager (see our recommended best password managers guide) to mitigate this risk.
Identity theft
When someone steals and uses your personal information (such as your address, national insurance number, bank details or social media account) to commit other crimes, from taking out credit cards in your name to tricking people who respect you into giving them cryptocurrency. $278,267,918 was lost to 51,629 cases of identity theft reported to the FBI.
Extortion
A very old-fashioned crime that’s still going strong in the internet age, the FBI describes extortion as the “unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure.” It highlights the prevalence of “sextortion” as an internet crime, in which a criminal threatens to disseminate sexually compromising images or information about a victim if they aren’t paid off.
Extortion cost 39,360 people a total of $60,577,741. Almost half (more than 18,000) of those cases involved sextortion.
The runners-up
Not far behind those are Confidence Fraud/Romance, in which internet users, overwhelmingly over the age of 60, are tricked into believing that a criminal has a romantic interest, genuine friendship or familial relationship (as in grandparent scams, where a scammer pretends to be a younger relation in need of them) and tech support scams, where criminals provide fake customer support to gain access to login credentials, computers or assets owned by the victim.
Many different types of scam involve pressuring or convincing the victim to purchase or transfer cryptocurrency, while Business Email Compromise (BEC) fraud, where executives’ credentials are compromised and their identities impersonated to transfer money to scammers, along with ransomware, remain key threats to enterprise IT.
The most costly fraud types were BEC, accounting for almost two and a half billion dollars, investment scams (often a part or the entire goal of other types of scam) and confidence fraud/romance, at almost a dollars.