The most prevalent cyberscam in 2009 used the good name of the Federal Bureau of Investigation (FBI) to dupe victims out of money or personal information, the FBI reported last week.
Almost one out of five complaints received by the Internet Crime Complaint Center (IC3)—a joint partnership between the FBI and the nonprofit National White Collar Crime Center (NW3C)— identified receiving fraudulent e-mails from senders claiming to be the FBI, according to the partnership's 2009 report released on Friday.
In late October, the IC3 issued its latest warning on its Web site describing fraudulent e-mail spam that name drops the FBI.
The current spam alleges that the Department of Homeland Security and the Federal Bureau of Investigation were informed the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.
The FBI scam, however, was just the leading example of a spiraling cybercrime wave that gets worse and worse each year. In 2009, the IC3 received 336,655 complaint submissions—a 22 percent increase over 2008. The second most frequent complaint was non-delivery of merchandise or payment, which was 12 percent of the total.
The economic damage cyberthieves inflicted dramatically increased in one year as well. Of the 146,663 complaints the IC3 referred to local, state, and federal law enforcement for further consideration, the reported losses totaled $560 million—more than double the losses reported to law enforcement in 2008. The median average loss due to reported cybercrime in 2009 was $575 but ballooned to $5,580 when using the mean average of all losses.
“The figures contained in this report indicate that criminals are continuing to take full advantage of the anonymity afforded them by the Internet," NW3C Director Donald Brackman said in a statement. "They are also developing increasingly sophisticated means of defrauding unsuspecting consumers."
The IC3 also notes that its numbers do not adequately reflect the amount of cybercrime occurring each year. "[R]esearch indicates that only one in seven incidents of fraud ever make their way to the attention of enforcement or regulatory agencies," accord to the report, using NW3C research from 2006.
The report also offers a broad profile of cybercriminals based on the complaints. Approximately three out of four were male and 65 percent hailed from the United States. The area with the highest per capita rate of cybercriminals was Washington, D.C., followed by the states of Nevada, Washington, Montana, and Utah.
(For more on attempts to profile hackers, see this month's book review "Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking," by William Stepka, CPP, CISSP.)
The report also broke down the victim's demographics with men more likely than women to be victimized. Men also tend to lose more money than women: $650 versus $500, using the median average.
The IC3, however, warns readers that just because they don't fit into a certain demographic shouldn't make them feel invulnerable.
"Anyone who uses the Internet is susceptible."
♦ Screenshot of IC3 Report Cover, "2009 Internet Crime Report"