Investment fraud leapfrogged business email compromise (BEC) last year to become the top-earning cybercrime category, costing victims over $3.3bn in 2022, according to the FBI.
The Internet Crime Report 2022 is compiled by the bureau’s Internet Crime Complaint Center (IC3) from reports filed with it by global consumers and businesses over the year.
Total cybercrime losses for 2022 were estimated at $10.3bn on the back of nearly 801,000 complaints. Although the latter figure rose 49% on the previous year’s total, the number of complaints actually fell by over 46,000.
Investment fraud was the clear winner for cyber-criminals, with profits surging 127% year-on-year. The FBI said losses from crypto-related fraud grew even more (183%), from $907m in 2021 to $2.57bn in 2022.
Read more on investment fraud here: Investment Scams Drive $9bn in Fraud in 2022
Elsewhere, the tech support category moved sharply up the rankings to third place by total losses. It made cyber-fraudsters $806.6m last year, a 132% annual increase.
That puts it above romance fraud and personal data breaches, in fourth and fifth respectively. While the breaches category expanded by 44% to over $742m in losses, romance fraud contracted by 23% to nearly $736m in losses for the year.
Despite losing its place as the highest earning cybercrime type, BEC managed to grow at over 14% to reach estimated losses of over $2.7bn in 2022. The FBI said bad actors are increasingly spoofing legitimate business phone numbers to confirm fraudulent banking details with their victims.
Over the past five years alone, the IC3 has processed over 3.2 million complaints linked to $27.6bn in losses. Last year was the first over that time in which the number of complaints actually dropped.
The IC3 received 2385 complaints about ransomware last year, estimating losses at $34.4m. However, these figures are likely to represent just the tip of the iceberg as many ransomware breaches go unreported and loss estimates do not include lost business, time, wages, files, equipment or third-party remediation services used by victims.
Phishing remained the most popular form of cybercrime, despite the number of complaints dropping slightly (-7%) to just over 300,000 for the year.