The FBI Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report. The report includes information from 467,361 complaints of suspected Internet crime, with reported losses in excess of $3.5 billion.
The top three crime types reported by victims in 2019 were phishing/ vishing/ smishing/ pharming, non-payment/non-delivery, and extortion. In addition to the 2019 statistics, the report contains information about the IC3, the FBI’s work in combating Internet crime, and the most prevalent scams.
Internet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in the report. The last calendar year saw both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000.
The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion. The most financially costly complaints involved business email compromise, romance or confidence fraud, and spoofing, or mimicking the account of a person or vendor known to the victim to gather personal or financial information.
‘Smishing’ derives its name from SMS Phishing and is the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.
‘Vishing’ comes from the combination of voice+phish: the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.
Pharming, a marriage of the words “phishing” and “farming”, is a type of cybercrime very similar to phishing, where a website’s traffic is manipulated, and confidential information is stolen. Pharming is a cyber-attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
Cybercrimes referred to as non-payment/non-delivery are, in non-payment situations, goods and services shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.
Extortion
Threat intelligence experts and research groups have seen a shift of cybercriminals increasingly targeting high net worth individuals, their families and their family businesses.
While high profile and high wealth families are vulnerable to all threats, the last of the top three most reported, extortion, is a threat that may specifically target those of high wealth. Extortion is defined as the unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure.
As recently as last week, federal prosecutors arrested an ex-convict accused of bilking several students attending one of the country’s most exclusive private colleges, Sarah Lawrence, out of nearly $1 million and forcing some into prostitution or unpaid labor. Prosecutors say Lawrence Ray convinced his victims they owed him money and directed them to drain their parents’ savings accounts. Authorities say one victim was forced into prostitution.
Social engineering can help set the stage for this type of extortion or other cybercrimes. Social engineering involves the use of social media to mine information. Hackers can gain clues about things like wealth status, other family members, property ownership and investments, and challenges and vulnerabilities the family may have through the private details individuals choose to share publicly on social media. Social messages pinpoint travel locations, valuable items in possession while traveling (or left behind at home), and mode of travel; we’ve seen people post images of highly sensitive travel documents and identification, or post an innocent image not realizing that sensitive information was also visible in the image’s background. Cyber thieves can use this information to facilitate a scam.
Setting ground rules for social media use and cybersecurity practices with family members is an effective way to combat social engineering threats. For instance, you may wish to restrict the types of photos or information shared through social media or insist family members set their account visibility to private-only. An excellent start for this discussion is through the Family Constitution. The constitution may include specific amendments regarding social media use, the use of social media by minor family members, security, privacy, consideration for other family members and their privacy when posting on social media, and crisis response should an attempt or successful attack or crime occur.
Educating the family as to potential threats, and having a clear, realistic and actionable policy in place will go far in protecting the family from cybercrime. To learn more about creating a Family Constitution that includes a social media policy, visit our Family Constitution Workshop services page.
To learn more about i3, visit i3resources.com
(Image credit – Image by Gerd Altmann from Pixabay)