U.S. cybercrime losses double

Published 16 March 2010

The value of Internet crime loss complaints in the United States rose from $265 million in 2008 to reach $560 million last year; U.S. businesses lost $120 million in the third quarter of 2009 to phishing and Trojan-based online banking scams, according to figures from the U.S. Federal Deposit Insurance Corporation

U.S. Internet crime loss complaints almost doubled in value from $265 million in 2008 to reach $560 million last year, according to official figures. An annual report of the FBI-backed Internet Crime Complaint Center (IC3), published on Friday, reports that the unit handled 336,655 complaints in 2009, a 22.3 percent increase on 2008.

John Leyden writes that that around 16 per cent of the complaints involved scams where crooks pretend to represent the FBI, while 11.9 percent involved the non-delivery of merchandise or payment, the second most commonly reported allegation of wrongdoing.

Advanced fee fraud scams ranked third with 9.8 percent of complaints. Identity theft and overpayment fraud scams were also common causes for complaints.

Of these complaints 146,663 were referred to local, state, or federal law enforcement agencies. Referred cases commonly involved financial loses, focusing on five categories: non-delivery of merchandise or payment ranked (19.9 percent); identity theft (14.1 percent); credit card fraud (10.4 percent); auction fraud (10.3 percent); and computer fraud or hacking (7.9 percent).

The highest median (average) dollar losses involved reported incidents of investment fraud ($3,200), overpayment fraud ($2,500), and advance fee fraud ($1,500) complainants.

Leyden notes that IC3 takes complaints in many different categories including auction fraud, non-delivery of merchandise, credit card fraud, computer hacking, spam, and child pornography. In addition to fraudulent federal agent cons, popular scam trends for 2009 included hitman scams, astrological reading frauds, economic cons, job site hustles, and pop-up ads for fake antivirus (aka scareware) software.

The IC3 has published an annual report since it began operating in May 2000. Leyden notes that every year since then (with the exception of 2004) has witnessed an increase in the dollar value of alleged scams reported to the agency. These have largely taken the form of steady increases rather than the huge leap recorded in 2009.

In almost related cybercrime trend news, businesses lost $120 million in the third quarter of 2009 to phishing and Trojan-based online banking scams, according to figures from the U.S. Federal Deposit Insurance Corporation. Small businesses lost $25 million as part of these scams, FDIC specialist David Nelson told the RSA Conference earlier this month.

By contrast, regular blaggers made off with less than $9.5 million in robberies of U.S. banks during the last quarter of 2009, security blogger Brian Krebs reports.