Recognizing the need to collect and assess information on cybercrime, the FBI started the Internet Fraud Complaint Center in May 2000 as a pilot project with the National White Collar Crime Center.
That center turned 20 this spring. Renamed the Internet Crime Complaint Center in 2002, the IC3 logged its 5-millionth complaint in March 2020. All that data has improved the public’s awareness of online crimes and helped the FBI and other law enforcement agencies better address internet-enabled attacks, fraud, thefts and scams.
The crimes catalogued by the IC3 mirror the evolution of the web across two decades, growing in sophistication and number as the internet grows ever more essential to our professional and personal lives.
“The scale, scope, speed, and impact of cyber threats is constantly evolving,” FBI Cyber Division Assistant Director Matt Gorham said. “Criminals are opportunistic, and we’ve seen them rapidly adapt to the cyber environment, creating a variety of schemes to exploit the public and private sector.”
In its first full year of operation, the IC3 logged 49,711 complaints. Most of them revolved around internet auction fraud, non-delivery scams and the West African letter (that now-infamous message from a prince or princess with an untapped fortune they wanted to share with you).
“People still fall victim to that letter and versions of it,” IC3 Director Donna Gregory said. “We still see scams that involve lotteries or windfalls where the victim just needs to pay what they believe are taxes or some fee to receive the winnings or a share of the fortune.”
Losses recorded by the IC3 in recent years reflect the greater financial damage of this evolution. In 2019, victims reported more than $3.5 billion in losses, an average of $7,500 for each of the 467,361 complaints recorded that year. In 2001, the average victim lost $435.
“The more prevailing trend,” said Gregory, who has been with the IC3 since its founding, “is that those early, rudimentary scams have given way to more destructive and costly data breaches and network intrusions, ransomware, romance scams and sophisticated financial crimes like business email compromise.”
Criminals still target individuals, but businesses and organizations are becoming more common targets because of the potential of a larger payout.
Gregory said the IC3 has also seen a shift in the types of criminals perpetrating the illegal activity. Many of the criminals now live overseas, and organized crime groups are on the rise.
“The sophistication of modern online criminals is the most troubling part,” Gregory said. “We used to be able to give people common sense tips to keep them safe; now it is just much harder to tell the real messages and websites from the fake.”
Instead of an impersonal spam message with poor spelling and grammar, the scam might arrive via a well-written email that appears to come from a trusted colleague, business or vendor.
Another enduring trend revealed in 20 years of crime data is that scammers will take advantage of a moment in time to prey on people who want to help or might need help in the wake of a natural disaster or tragic event. The center saw an uptick in charity and disaster fraud reports around the time of Hurricanes Rita and Katrina and after the Boston Marathon bombings.
In 2008, scammers tried to gather banking information from Americans waiting to receive stimulus checks as the nation slipped into recession.
Now, during the COVID-19 pandemic, scammers are working overtime hawking fake cures and investments schemes, selling protective equipment without the inventory on hand and looking to take advantage of a more concentrated online presence during increased telework and distance learning arrangements.
“Criminals and scammers go where there is opportunity,” Gorham said. “Right now, they are exploiting a public health emergency to steal from and deceive people who are vulnerable, worried, or seeking vital supplies and assistance.
“Those early, rudimentary scams have given way to more destructive and costly data breaches and network intrusions, ransomware, romance scams, and sophisticated financial crimes like business email compromise.”