Ransomware, tech-support scams or email fraud: Which cybercrimes cost victims most?
Not all online crimes are equal in their impact.
The FBI has released a report listing the most complained about and most costly internet-related crimes.
The report is compiled from 301,580 consumer complaints of suspected criminal internet activity filed with the agency's Internet Crime Complaint Center (IC3) in 2017. For the year, total reported losses to internet crime stood at $1.41bn -- slightly down on the $1.45bn reported in 2016.
The internet crime most complained about involves goods or services that were either delivered by the victim but not paid for by the crooks, or paid for by the victim but never received.
Second on the list are breaches of personal data; third come phishing emails, texts or calls apparently from a legitimate companies or contacts requesting personal, financial or login details -- often the first step towards other criminal acts.
But the most costly internet crime according to the figures is business email compromise, the scam that targets businesses working with foreign suppliers, or simply ones that regularly perform wire transfer payments.
The FBI said these scams continue to evolve over the past few years. The classic version sees crooks hacking or faking the email accounts of a company's CEO or CFO and then sending a bogus email to staff, requesting wire payme
nts be sent to accounts controlled by the fraudsters.
But it's not just about money. Crooks have also used fake emails to demand personally identifiable information or wage and tax statements.
The FBI said in 2017, the real-estate sector was heavily targeted, with many victims reporting losses during real-estate transactions. These frauds accounted for $676m in losses, according to the FBI report, ahead of confidence/romance fraud in second place on $211m, and non-payment/non-delivery frauds in third place at $141m.
Perhaps surprisingly, other internet menaces don't rank particularly highly in terms of the financial damage caused.
In 2017, the IC3 received 1,783 complaints identified as ransomware with losses of over $2.3m, actually down from the figure of $2.4m in 2016.
Indeed, this seems like a low number considering the damage done by WannaCry and other ransomware attacks last year and perhaps reflects that many of the IC3 reports come from consumers, as the worldwide losses to business from destructive ransomware in 2017 could run into billions.
The report said the FBI does not support paying a ransom in these cases because doing so does not guarantee an organization will regain access to its data, while paying up emboldens the crooks to target others and makes for a lucrative business that attracts other criminals.
However, it noted: "While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."
Tech-support scams are also rising rapidly, though from a low base. In 2017, the IC3 received 10,949 complaints related to tech-support fraud. The claimed losses amounted to nearly $15m, which represented a near doubling of the 2016 figure.