Investment Fraud Surges as Cybercrime Losses Hit $7bn in 2021

Written by

Cybercrime cases reported to the FBI last year racked up nearly $7bn in losses in 2021, with business email compromise (BEC) still by far the biggest money-maker for criminals.

The FBI’s latest Internet Crime Report for last year was compiled from cases reported to its Internet Crime Complaint Center (IC3) over the period.

It found BEC cost victims nearly $2.4bn, up from last year’s $1.9bn but a smaller share of the total $6.9bn in losses in 2021.

While BEC now represents around a third of total losses, down from nearly half, investment fraud has surged into second place with victim losses of almost $1.5bn last year, around a fifth of the total.  This is up significantly from the $336m lost to these scams in 2020, which represented just 8% of total cybercrime losses that year.

It also saw investment fraud leapfrog romance scams, which made around $956m for criminals in 2021.

However, there’s a significant crossover between the two cybercrime types, according to the FBI.

“Many victims of romance scams also report being pressured into investment opportunities, especially using cryptocurrency,” the report explained.

“In 2021, the IC3 received more than 4325 complaints, with losses over $429m, from confidence fraud/romance scam victims who also reported the use of investments and cryptocurrencies, or ‘pig butchering’ – so named because victims’ investment accounts are fattened up before draining, much a like a pig before slaughter.”

In terms of volume, phishing and its variants remained the most popular cybercrime type in 2021, accounting for over 323,000 victims versus the 241,000 in 2020. In total, there were a little over 847,000 complaints made to the IC3, which is likely to represent just the tip of the iceberg of cybercrime.

Worryingly, the FBI received 649 complaints from critical infrastructure (CNI) providers last year that they’d been compromised by ransomware. Healthcare (148) and financial services (89) were the most likely to have been hit.

The figures are doubly concerning as the FBI only began recording such reports from midway through the year, in June.

What’s hot on Infosecurity Magazine?