top of page
  • Writer's pictureRoy Urrico

Ransomware, BEC and Criminal Use of Crypto High on FBI’s Internet Crime Report

By Roy Urrico

Finopotamus aims to highlight white papers, surveys, analyses, news items and reports that provide a glimpse as to what could, or potentially, impact credit unions and other organizations in the financial services industry.

The FBI’s Internet Crime Complaint Center’s (IC3) 2021 Internet Crime Report revealed ransomware, business e-mail compromise (BEC) schemes, and the criminal use of cryptocurrency are among the most frequent incidents reported. In addition, victims lost the most money to business email compromise (BEC), investment fraud, and romance and confidence schemes

“In 2021, America experienced an unprecedented increase in cyberattacks and malicious cyber activity. These cyberattacks compromised businesses in an extensive array of business sectors as well as the American public,” said Paul Abbate, deputy director of the FBI, in the study.

Abbate added, “In 2021, IC3 continued to receive a record number of complaints from the American public: 847,376 reported complaints, which was a 7% increase from 2020, with potential losses exceeding $6.9 billion,” Abbate noted.. In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion (this number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services).

In addition to the aforementioned statistics, the IC3’s 2021 Internet Crime Report contains information about the most prevalent internet scams affecting the public and offers guidance for prevention and protection. It also highlights the FBI’s work combatting internet crime, including recent case examples.

Source: FBI's 2021 Internet Crime Report.

Threat Overviews For 2021

The FBI’s IC3 provides the American public with a direct outlet to report cybercrimes to the FBI. Here is a summary of reported incidents in 2021:

Business/Email Compromise. In 2021, the IC3 received 19,954 business email compromise (BEC)/email account compromise (EAC) complaints with adjusted losses at nearly $2.4 billion. The report acknowledged BEC/EAC as a sophisticated scam targeting businesses and individuals performing transfers of funds. Frequently, BEC takes place when a subject compromises legitimate business accounts through social engineering or computer intrusion techniques. The IC3 also observed the emergence of newer BEC/EAC schemes that exploit virtual meetings to instruct victims to send fraudulent wire transfers.

Confidence Fraud / Romance Scams. In 2021, the IC3 received reports from 24,299 victims who experienced more than $956 million in losses. “Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and confidence. The scammer uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim,” the report discovered. Scam artists, the report found, often say they are in the military, or a trades-based industry engaged in projects outside the U.S.

Bogus investment opportunities. Many victims of romance scams also reported receiving pressure to take part in investment opportunities, especially using cryptocurrency. In 2021, the IC3 received more than 4,325 complaints, with losses over $429 million, from confidence fraud/romance scam victims who also reported the use of investments and cryptocurrencies to increase accounts before having them drained.

Sextortion. This occurs when someone extorts someone with the threat of distributing private and sensitive material. In 2021, the IC3 received more than 18,000 sextortion-related complaints, with losses over $13.6 million.

Cryptocurrency (Virtual Currency). In 2021, the IC3 received 34,202 complaints involving the use of some type of cryptocurrency, such as Bitcoin, Ethereum, Litecoin, or Ripple. The report said, “While that number showed a decrease from 2020’s victim count (35,229), the loss amount reported in IC3 complaints increased nearly seven-fold, from 2020’s reported amount of $246,212,432, to total reported losses in 2021 of more than $1.6 billion.” IC3 also disclosed cryptocurrency, once limited to hackers, ransomware groups, and others on dark web, is becoming the preferred payment method for all types of scams. The most common scams reported were confidence fraud/romance, investment, employment, and government impersonation.

Crypto Related. The IC3 also noted the following scams using cryptocurrencies:

· Cryptocurrency ATMs, used to purchase cryptocurrency, are popping up everywhere and because regulations on the machines are lax, purchases are almost instantaneous and irreversible. In 2021, the IC3 received more than 1,500 reports of scams using crypto ATMs, with losses of approximately $28 million.

· Cryptocurrency support impersonators, in which crypto owners increasingly fall victim to scammers impersonating support or security from cryptocurrency exchanges.

Ransomware. In 2021, the IC3 received 3,729 complaints identified as ransomware — a type of malicious software, or malware, that encrypts data on a computer, making it unusable — with adjusted losses of more than $49.2 million. “Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” the report said. Although cybercriminals use a variety of techniques to infect victims with ransomware, phishing emails, remote desktop protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top three initial infection vectors for ransomware incidents reported to the IC3.

Tech support fraud. Criminals pose as support or service representatives offering to resolve issues, such as a compromised email or banking account, a virus on a computer, or a software license renewal. In 2021, the IC3 received 23,903 complaints related to tech support fraud from victims in 70 countries. The losses amounted to more than $347 million, which represents a 137% increase in losses from 2020. Most victims, almost 60%, report to be over 60 years old, and experienced at least 68% of the losses (almost $238 million).

Using RAT to Catch Fraud

“IC3’s commitment to cybervictims and partnerships allow for the continued success through programs such as the IC3’s Recovery Asset Team (RAT),” said Abbate. Established in 2018, RAT streamlines communications with financial institutions and FBI field offices to assist in freezing victims’ funds.

In 2021, the IC3’s RAT initiated the financial fraud kill chain (FFKC) on 1,726 BEC complaints involving domestic to domestic transactions with potential losses of $443,448,237. This resulted in a monetary hold placed on approximately $329 million, which represented a 74% success rate.

Here are three examples of RAT’s investigation and recovery efforts:

· Philadelphia. In December 2021, the IC3 received a complaint filed by a victimized roadway commission regarding a wire transfer of more than $1.5 million to a fraudulent U.S. domestic banking account. The IC3 RAT quickly notified the recipient financial institution of the fraudulent account by initiating the FFKC. Collaboration between the IC3 RAT, the recipient financial institution, and the Philadelphia Field Office resulted in learning that the subject quickly depleted the wired funds from the original account into two separate accounts held at the same institution. The financial institution was able to quickly identify the second account and freeze the funds, making a full recovery possible.

· Memphis, Tenn. In June 2021, the IC3 received a complaint filed by a victim law office regarding a wire transfer of more than $198,000 to a fraudulent U.S. domestic account. IC3 RAT collaboration with the Memphis Field Office and the recipient financial institution resulted in learning the domestic account was a correspondent account for a fraudulent account in Nigeria. IC3 RAT immediately initiated the international FFKC, which resulted in freezing the full wired amount.

· Albany, N.Y. In October 2021, the IC3 received a complaint filed by a victim of a tech support scam that involved an unauthorized wire transfer of $53,000 sent from their account to a U.S. domestic custodial account held by a cryptocurrency exchange (CE). The IC3 RAT immediately notified the recipient financial institution and collaborated with the CE that held the account. The immediate initiation of the FFKC with the CE resulted in the freezing funds in the custodial account before fraudsters could deplete or withdraw the cryptocurrency.

bottom of page