Crypto scams more costly to the US than ransomware, Feds say
Latest figures paint grim picture of how viciously the elderly are targeted
The FBI says investment fraud was the form of cybercrime that incurred the greatest financial loss for Americans last year.
Investment scams, often promising huge returns, led to reported losses of $4.57 billion throughout the year – a 38 percent increase from $3.31 billion in 2022. The vast majority prey on those looking to make a quick buck with cryptocurrency, with these kinds of scams contributing just shy of $4 billion to the overall losses.
The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud.
These cons also led to a rise in scams themed around the recovery of funds lost to investment scams, preying on vulnerable victims at their lowest. In some cases, victims would be strung along for long periods of time and convinced to make multiple payments to recovery services that would never reunite them with their stolen funds.
The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI's Internet Crime Complaint Center (IC3). It was barely even a comparison, in fact, with ransomware apparently costing victims just $59.6 million for the entire year.
That figure is adjusted, not including the cost of downtime for businesses still in their recovery phases, for example, but it still seems especially low to a reporter who's covered one-off ransom fees in the $15 million region.
The average ransom demand in the US is also said to be around $1.5 million, and with the IC3's reported 2,825 ransomware-related complaints throughout the year, something isn't adding up.
El Reg asked the feds for clarity but they didn't immediately respond.
A caveat was made in the report regarding the low reporting rates by ransomware victims across the country, and that the data only includes incidents reported to IC3 and not FBI field offices, so it appears the authorities are indeed aware of how low the reported figures seem.
"By reporting the incident, the FBI may be able to provide information on decryption, recover stolen data, possibly seize/recover ransom payments, and gain insight on adversary tactics," it said. "Ultimately, the information you provide will lead us to bring the perpetrators to justice."
As always, the advice given to victims is to never pay the ransom, although it's not illegal to do so.
"Regardless of whether you or your organization decided to pay the ransom, the FBI urges you to report ransomware incidents to the IC3. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks."
Both Business Email Compromise (BEC) attacks and those that involved the impersonation of customer support staff or US government agencies also recorded losses far greater than ransomware and well into the ten figures.
BEC attacks led to more than 21,000 complaints issued to the FBI and adjusted losses of $2.9 billion. Criminals are increasingly involving cryptocurrency in these efforts, often targeting individuals and getting them to send funds to custodial accounts at crypto exchanges where the funds can be quickly moved before the malicious intent is detected.
As for call center scammers, the crime continues to reap rewards, often at the expense of older, more vulnerable individuals.
Nearly half of all complaints (40 percent) were made by over 60s last year and these cases accounted for 58 percent of the total $1.3 billion in losses reported by victims.
Despite authorities' best efforts to make arrests, the crime still continues to soar year-on-year. Tech and customer support scams, which have been around for decades, were up 15 percent last year and government staff impersonation increased 63 percent.
Some scams convince elderly targets to install remote access software, giving the attacker full control of their finances. Others see victims encouraged to move money to a US government agency for "safety," either through the guide of a government worker or someone from their bank or other financial institution.
In 2023 overall, cybercrime cost US citizens $12.5 billion, the report said, with the FBI receiving 2,412 complaints every day.
Sadly, when divided by age group the losses incurred as a result of being victimized by cybercrime steadily rose as victims got older.
The under-20s and 20-29 age groups combined lost $400 million last year. The 30-39s lost $1.2 billion, the 40-49s lost $1.5 billion, those in the 50-59 bracket lost $1.7 billion, and then the biggest jump was seen with the 60 and overs with a total loss of $3.4 billion.
IC3 didn't go any deeper here, but the number of complaints made by the 60 and over age group (101,068) far exceeded that of the 50-59 group (65,924) and all other age groups.
- More victims of fake crypto investor scam speak to The Register
- A tale of 2 casino ransomware attacks: One paid out, one did not
- As lawmakers mull outlawing poor security, what can they really do to tackle online gangs?
- Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes
It suggests that not only are the elderly being targeted more, but also that scams are more successful against them, given the huge increase in reported losses compared to victims in the other age groups.
If this has riled you up and you're a fan of vigilante justice, there is a growing pool of content creators on YouTube that have made careers out of hacking the scammers at the end of call centers. It shouldn't take too long to find something that will take the sting out of what the latest data shows. ®