By: Ronnie Tokazowski
When it comes to tracking cybercrime and the trends around them, many of us in the information security community do is anxiously await the statistics from FBI’s Internet Crime Report, otherwise known as IC3. These numbers are from user-submitted reports and are considered a division of the FBI. The results are in and for 2022 alone, victims lost a total of $10.3 billion dollars. While business email compromise (BEC) has been the number one cybercrime for the last seven years in a row, it looks like a new type of cybercrime has taken the number one spot.
Well…let’s look at the numbers.
What Defines Investment Fraud?
According to the FBI report, investment fraud saw a 127% increase to $3.31 billion dollars in fraud from $1.45 billion dollars in 2021. For this $3.3 billion dollars, crypto investment scams were responsible for $2.57 billion dollars. This can include anything from liquidity mining scams, hacked social media accounts, celebrity impersonations, or real estate scams. For many of these scams, victims will take out extra funds to invest in these opportunities, leaving many of them with massive debts that they have to pay off.
Romance Scams Went Down, BIG Caveat
According to the report, romance scams went down from 24,299 victims in 2021 to 19,021 victims in 2022. Because of the losses romance scam victims only lost $745 million dollars, down by almost $200 million from the previous year. However, this does NOT tell the whole story.
Per FTC statistics, nearly 70,000 romance scam victims reported over $1.3 billion dollars in losses for 2022. In addition, some of these scams do have cryptocurrency investment angles to them, with some of these scams being labeled as pig butchering.
Is this a case where we have almost 100,000 romance scam victims, 70,000 romance victims, or a number somewhere in the middle because victims reported to both FTC and IC3 and these numbers weren’t deconflicted? We don’t know.
Was it Crypto Investment or Pig Butchering? We Don’t Know
One of the things that we know about many types of crypto investment scams is that romance does play a part in some of these. For example, pig butchering scams often have crypto investment angles to them, but not every case of crypto investment is considered pig butchering. With zero mention of pig butchering in this report, it only adds to the confusion about why these attacks have been seen all across the nation yet none of these attacks have been reported to IC3 or the FBI. FBI Albuquerque put out a press release detailing that “FBI is calling attention to a growing investment scam known as ‘pig butchering’” per their press release and we’re unsure if the investment scams count as JUST investment, some addition of pig butchering scams, or if we’re dealing with multiple adversaries who are dabbling in different versions of crypto investment fraud.
So, let’s talk…BEC
BEC has over $2.7 billion dollars in losses, up from $2.3 the previous year. There really isn’t much more to add other than this scam has continued to grow year after year.
What about Ransomware?
According to IC3 statistics, ransomware has caused $112 million dollars over the last three years. For 2022 alone, it was responsible for only $34 million dollars in fraud. While many of these scams don’t get reported to IC3 and while some of the losses are hard to calculate, this has been a sentiment for the last three reports.
Look, I get it. Ransomware is scary. It’s on Mr. Robot, CSI Cyber, and the evening news station when a gas pipeline gets encrypted. These do affect people, however organizations recover and are able to eventually move on.
Romance scam victims aren’t so lucky. And I will continue to be grumpy at the statistics and coverage ransomware gets compared to BEC (over 80x the losses) and investment scams (97x) and romance scams (21x or 38x ).
Investment scams (maybe also known as pig butchering?) is the number one cybercrime for 2022, BEC is no longer the king of cybercrime, and here we are still screaming that we need to care about consumers.