The warranty on your car is about to expire. Press 1 to purchase an extension.
Someone has stolen your bank information. Click here to change your social security number.
Your grandchild has been kidnapped. Send money to help us return the child safely.
We get phishing emails like these literally all day long, and now we also get text messages — literally all day long — trying to get us to part with money or private information that can harm us financially.
National do-not-call registries are ineffective. Blocking the number of your cell phone does no good, as the robo-dialers these scammers use seem to have unlimited access to new numbers.
For many of us, these texts and emails are an inconvenience. But for those of us who are unwitting, the damage these come-ons do is very real.
According to a new report by the FBI’s Internet Crime Complaint Center, (IC3), there were 791,790 complaints registered with the center in 2020, reporting losses exceeding $4.1 billion — a 69% increase in total complaints from 2019. And, in the last five years, there were more than 2,211,396 complaints, with more than $13.3 billion in losses reported.
The report noted that in 2020, business email compromise schemes were found to be the costliest — there were 19,369 complaints with an adjusted loss of about $1.8 billion. Moreover, the IC3 saw an increase in the number of complaints related to the use of identity theft and funds being converted to cryptocurrency. The center defines business email compromise as a scam targeting businesses working with foreign suppliers or those regularly performing wire transfer payments.
Phishing complaints also took a big toll, as adjusted losses from 241,342 complaints totalled more than $54 million. In fact, since 2016, phishing complaints have risen from 19,465, a more than 12x increase over those five years.
The coronavirus pandemic created further opportunities for fraudsters to exploit both businesses and individuals, the report stated. In 2020, the report said, more than 28,500 complaints were filed related to COVID-19.
“Most of the IC3 complaints related to CARES Act fraud involved grant fraud, loan fraud and phishing for Personally Identifiable Information (PII),” the center said in its report. “Many victims of this identity theft scheme did not know they had been targeted until they attempted to file their own legitimate claim for unemployment insurance benefits. At that time, they received a notification from the state unemployment insurance agency [or] received an IRS form… showing the benefits collected from unemployment insurance, or were notified by their employer that a claim had been filed while the victim was still employed.”
In its report, the IC3 noted that the elderly are prime targets of these types of fraud, as they usually have larger savings and are less savvy about the ways of the internet. In 2020, the center got 105,301 complaints from victims over the age of 60, and they reported total financial losses of more than $966 million. These people are usually the victims of what the IC3 calls confidence fraud or romance fraud, which plays on people’s heartstrings to trick them into believing a family member, friend or romantic partner needs their money.
The elderly also succumb to tech support fraud, in which a criminal claims to provide customer, security or technical support, offering to fix compromised emails or bank accounts or computer viruses and directing the victims to make wire transfers or purchase large numbers of prepaid cards, the report found.
Another area in which the IC3 received thousands of complaints is identified as ransomware, with adjusted losses of more than $29.1 million. The most common means of computer infection for ransomware, according to the report, are email phishing, in which a malicious link deploys malware when clicked by the recipient; remote desktop protocols, which allows individuals to control a computer’s data and resources over the internet by gaining access via brute-force methods or credentials purchases on the internet; and software vulnerabilities identified by OWASP and other sites.