Reading the 2017 Internet Crime Complaint Center (IC3) report

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2017 Internet Crime Report, a document that outlines cybercrime trends over the past year.

Here we are to analyze the annual FBI 2017 Internet Crime Report, one of the most interesting documents on the crime trends in the last 12 months.

The first figure that captures our attention show the decrease of ransomware infections reported by Internet users to the US authorities.

During 2017, the FBI received 1,783 complaints regarding ransomware infections, a figure smaller than previous years (2,673 complaints in 2016,  2,453 complaints received in 2015).

“Victims are encouraged and often directed by law enforcement to file a complaint online at www.ic3.gov. Complainants are asked to document accurate and complete information related to the Internet crime, as well as any other relevant information necessary to support the complaint.” reads the report.

This data is very strange considering that almost any security firm reported a dramatic increase in the number of ransomware infections, a possible explanation it that victims did not report the crime to the authorities.

Ransomware is ranked at 24^th for most reported cyber-crime in the US based on the number of complaints received by the authorities. According to the FBI’s 2017 Internet Crime Report, ransomware caused total damages of $2,344,365.

What these numbers show is that victims are (still) not reporting ransomware infections to law enforcement officials, opting in most cases to pay ransoms, restore from backups, or reinstall PCs without filing a complaint.

“In all cases the FBI encourages organizations to contact a local FBI field office immediately to report a ransomware event and request assistance.” states the report.
“In 2017, the IC3 received 1,783 complaints identified as ransomware with adjusted losses of over $2.3 million.”

The top 2017 Crime Types for the number of complaints are Non-Payment/Non-Delivery (84,079), Personal Data Breach (30,904) Corporate Data Breach, and Phishing/Vishing/Smishing/Pharming (25,344)

The analysis of losses caused by crimes received that BEC/EAC ($676,151,185) is prominent, followed by Confidence Fraud/Romance ($211,382,989), and
Non-Payment/Non-Delivery ($141,110,441).

“BEC is a sophisticated scam targeting businesses that often work with foreign suppliers and/or businesses and regularly perform wire transfer payments. The Email Account Compromise (EAC) variation of BEC targets individuals who regularly perform wire transfer payments.” continues the report.

“It should be noted while most BEC and EAC victims reported using wire transfers as their regular method of transferring business funds, some victims reported using checks.” 

Top 20 Foreign Countries by victim sees Canada (3,164) in the first position, followed by India (2,819), and the UK (1,383).

Pierluigi Paganini

(Security Affairs – Internet Crime Complaint Center report 2017,  cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]