The FBI recently released its annual Internet Crime Report, revealing its 2023 fraud analysis. The Internet Crime Complaint Center (IC3), which gives the public a direct way to report crime to the FBI, received a record number of complaints last year:
- There was an almost 10% increase in complaints received compared with the prior year, with an average of more than 2,400 per day.
- Potential losses exceeded $12.5 billion – a 22% increase in the value of losses suffered compared with the 2022 data.
The IC3 reported data shows that $173,627,614 was lost to credit card and check fraud, and $652,544,805 was lost to confidence and romance scams. Meanwhile, complaints connected with personal data breaches accounted for losses of $744,219,879. Overall, our team estimates that $2.5B of the fraud reported by the IC3 for last year started out at the online account level – login or sign up. And don’t forget, in many cases people don’t report cybercrime, which means that actual fraud numbers and associated financial losses are even greater than those in the report.
The rising volume and impact of fraud is evidence that playing a game of whack-a-mole with bad actors won’t work as a primary strategy. Fighting off individual fraud attempts could delay losses, but oftentimes, those attackers simply come back stronger, and in greater volume, by using automated bots.
To fight fraud effectively, businesses need strong deterrents. A good defense strategy is one that targets the ROI of crime: sabotaging the profits of financially motivated cybercriminals will render the attack unviable. It’s also interesting to think about where these attacks start. By detecting and stopping these threats at account sign-in and account registration, what we call top of the funnel, companies stop the crime before it can start.
Let’s look at some key findings in the IC3 report, and consider what this could tell us about recent cybercrime trends plus how businesses should respond.
Bad Actors Go After Investments
Investment fraud surged last year. Losses connected with investment scams totaled $4.57 billion in 2023, an increase of 38% compared with 2022. These scams focus on deceptively inducing investors to make purchases based on false information, with the promise of large returns and minimal risk. It follows the spike that the IC3 saw in cryptocurrency investment schemes in 2022, where criminals typically based overseas defrauded victims, doing more than $2B in damage.
We’ve long seen trends of fraudsters honing their scams ahead of targeting higher value accounts and assets. The data shows that bad actors are strategically focusing on these high-value fraud types, a pattern highlighting the importance of strong anti-fraud measures for financial institutions.
Phishing Attacks Continue at Scale
This attack type comprised by far the highest volume of reported cases in the recent IC3 report, with more than 298,000 instances. Using unsolicited email, text messages and telephone calls purportedly from a legitimate company, fraudsters target individuals by requesting personal information, financial details and/or login credentials.
And these manipulative schemes continue to get more prevalent and more advanced. Proactive detection of man-in-the-middle fraud attempts, which use reverse proxies to take consumers to a phishing site, can help your company to protect your customers. For example, you can alert them when their details may have been stolen, and inhibit the theft of 2FA and MFA codes that fraudsters commonly use to take control of accounts. With real-time detection of advanced phishing attack attempts made against your customers, you can block the bad actor and warn your client base before more people fall into the same trap.
No Industry Is Safe From Fraud
Of 16 critical infrastructure sectors, the IC3 reporting indicated that 14 of these sectors had at least 1 member that fell to a ransomware attack in 2023. IT and financial services were among the most affected infrastructure sectors, according to the data.
Plus, the IC3 data shows that businesses were heavily targeted with business email compromise (BEC) scams last year. This fraud type starts with the compromise of an email account and other communication channels, such as phone numbers or even virtual meeting applications. The criminal might use social engineering tactics to instill urgency and coerce an employee into making an unauthorized transfer of funds. It was the second costliest type of crime last year, with $2.9 billion in reported losses.
Fighting online fraud, scams, social engineering threats, etc. means staying vigilant, and we help our customers, the most recognizable enterprises in the world, to do just that, with the Arkose Global Intelligence Network data: a consortium for intelligence sharing. Our threat research unit, ACTIR, proactively uncovers attack networks, and we provide more than 125 real-time risk signals, with a network effect that means that everyone benefits from threat intelligence about emerging risks.
It all adds up to the same conclusion: Bad actors are showing no signs of slowing down in their attacks, and businesses in all industries should stay on top of the threat landscape.
To learn more about our platform, which is built on a foundation of advanced technology, visit Arkose Bot Manager.
Share The Blog
