The concept that “crime doesn’t pay” harkens back to Victorian times as a saying that was meant to encourage morality and work. This phrase also became a rally cry and ad campaign when the Crime Stoppers community program started in 1976. Unfortunately, in 2019 cybercriminals either haven’t heard this saying or just completely ignored it, because it has been reported that the payoff was in the $billions. It turns out that the Internet Crime Complaint Center does an annual report on what was reported just to the US Federal Bureau of Investigation (FBI) that year.
What Is The Internet Crime Complaint Center?
The Internet Crime Complaint Center (IC3) launched in 2000 as a reporting mechanism to submit information to the FBI on “suspected Internet-facilitated criminal activity and to develop alliances with law enforcement and industry partners.” All information is then “analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.”
According to Wikipedia:
“Since 2000, the IC3 has received complaints crossing the spectrum of cyber crime matters, to include online fraud in its many forms including intellectual property rights (IPR) matters, computer intrusions (hacking), economic espionage (theft of trade secrets), online extortion, international money laundering, identity theft, and a growing list of Internet facilitated crimes. It has become increasingly evident that, regardless of the label placed on a cyber crime matter, the potential for it to overlap with another referred matter is substantial. Therefore, the IC3, formerly known as the Internet Fraud Complaint Center (IFCC), was renamed in October 2003 to better reflect the broad character of such matters having an Internet, or cyber, nexus referred to the IC3, and to minimize the need for one to distinguish “Internet Fraud” from other potentially overlapping cyber crimes”
The good news is they generate an annual internet crime report, the bad news is that the IC3 is also a target of cyber criminals and the website at www.ic3.gov is currently down because it was reported that “Scammers are posing as the Internet Crime Complaint Center (IC3) in order to collect sensitive information.”
Cybercriminals Made $3.5B In 2019
Despite the fact that scammers are posing as the IC3, the 2019 Internet Crime Report reported:
“This year’s Internet Crime Report highlights the IC3’s efforts to monitor trending scams such as Business Email Compromise (BEC), Ransomware, Elder Fraud, and Tech Support Fraud. As the report indicates, in 2019, IC3 received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported losses were BEC, Confidence/Romance Fraud, and Spoofing. More details on each of these scams can be found in this report.”
The report goes on to proclaim success for recovery of $300M of the $3.5B:
“Of note, the IC3’s Recovery Asset Team (RAT), which assists in recovering funds for victims of BEC schemes, celebrated its first full year of operation. During its inaugural year, the team assisted in the recovery of over $300 million lost through on-line scams, boasting a 79% return rate of reported losses. We’re also pleased to announce the creation of a Recovery and Investigative Development (RaID) Team which will assist financial and law enforcement investigators in dismantling money mule organizations.”
So, what can you do so that you are not the next organization reporting into the IC3?
How To Prevent Your Organization From Contributing To Cybercriminals’ Bank Accounts
Since most fraud begins with a person, or someone impersonating a person with their digital credentials, then it stands to reason that developing an immutable identity as part of your Identity Access Management infrastructure will be a great first step. The good news here is that new continuous behavioral authentication solutions meet this criterion.
Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.
Download the Intellyx’s whitepaper titled App Authentication Evolves in a World of Compromised Credentials today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.