The FBI’s 2022 IC3 Report provides new insights into cybercrime, offering a detailed look at current trends and some tips to fight back.
The FBI’s 2022 IC3 Report provides new insights into cybercrime, offering a detailed look at current trends and some tips to fight back.
Tom Cronkright
8 minutes
Cybercrime
Apr 13, 2023
Editor's Note: This article refers to findings from the 2022 edition of the report. This report has since been updated. For data from 2023, read our findings.
In 2022, cybercrime losses grew a staggering 47% from the year before, topping $10 billion in reported losses. An incident was reported to the FBI every 39 seconds.
The world of cybercrime is constantly evolving, and staying ahead of the latest threat vectors is essential to protect ourselves, our businesses, and our clients. This is especially true in the real estate industry, in which nearly $3 trillion worth of funds are transacted annually as properties close and mortgages are paid.
Although reported cyber losses reached their highest level, the number of reported incidents was down nearly five percent. This trend suggests that cyber perpetrators are focused on high-value targets and are willing to play a long, sophisticated game to defraud their victims. As the fraud landscape continues to change, the latest 2022 report from the FBI’s Internet Crime Complaint Center (IC3)1 provides insight into the latest trends and threat vectors that must be managed.
Here are some key takeaways from the report and what they mean for you, your customers, and your vendor partners.
One of the most significant findings in the Internet Crime Report 2022 is that investment scams overtook business email compromise (BEC) as the most significant source of financial loss. According to the report, these scams increased from $1.45 billion in 2021 to $3.31 billion in 2022—a 128% jump.
This shift is due to the rise of crypto investment schemes, which are often enabled by so-called "pig butchering" operations. These scams start after the scammer gains the victim’s trust and offers an investment opportunity in a cryptocurrency that promises high returns. In reality, the scammer is operating a fraudulent investment scheme that uses funds from new investors to pay off earlier investors, creating the illusion of profit. After extracting large sums of money from a victim, the scammers vanish, and the scheme is exposed.
This dramatic shift in the use of digital currency in place of fiat currency is a reminder that the world of cybercrime is always changing, and criminals are constantly adapting their tactics to try and stay ahead of law enforcement and security controls.
Business email compromise (BEC) has been the largest source of loss in the annual FBI IC3 reports for the last several years. Despite dropping to second place in 2022, BEC remains a top threat vector. BEC caused $2.7 billion in financial loss in 2022, growing 14% from 2021. The success of this type of scam has been staggering over the past five years, as it has grown from $676 million in reported losses in 2017 to $2.7 billion in 2022.
As the FBI IC3 report explains, BEC is “carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
New technologies—such as caller ID spoofing, artificial intelligence, open source intelligence, and SS7 exploit kits—help cybercriminals expand their use cases and perfect their scams. So long as email, voicemail, and texts continue to be modes of communication, BEC will persist as a key enabler of cybercrimes that we must watch out for.
There is a common perception that cybercrime is mainly targeted at older age groups, often because they are less tech-savvy. However, the IC3 data does not support this notion.
In fact, cybercriminals are becoming increasingly adept at tailoring their tactics to the preferences of each age group, with victims 30-39 years old reporting the largest number of fraud complaints in 2022. For example, younger people may be targeted more often with crypto-related scams, whereas older people are targeted in phone-based, call-center scams.
However you look at this growing problem, the answer is clear: Targeted education and awareness campaigns about recognizing and avoiding common cyber threats aimed at different age groups are just as important as any security technology. In the two largest segments of cybercrime by loss statistics—BEC and investment scams—victims were socially engineered into transferring funds for something they believed was in their best interest. The first (and best) lines of defense against social engineering are education and awareness.
Five states (California, Texas, Florida, New York, and Georgia) make up almost half of all reported losses. California alone accounted for more than 20% of all reported cyber losses, racking up over $2 billion in victim claims in 2022.
These five states stand out due to a combination of factors, including larger population size, greater concentration of valuable real estate properties, and larger transaction volumes. This is important for real estate professionals and home buyers and sellers. We know that these cybercrime rings seek the highest probability of success, so for businesses and consumers in those states, the likelihood of being victimized may remain higher than in other states.
Falling victim to fraud is devastating, but reporting incidents is essential to fight against cybercrime.
Although the FBI’s report provides some remarkable numbers and figures, the team behind the report knows that not everyone who experiences a fraud event reports their losses to law enforcement. This makes it difficult for authorities to track down and prosecute cybercriminals because they need more data points to identify trends and key players. It’s important to give federal law enforcement the data needed to combat these malicious crimes.
Unfortunately, in the time it took you to read this article, at least four new individuals likely fell victim to a cybercrime.
Although this data can be disheartening, shining a light on the problem and rallying involvement from across the real estate industry is a necessary step to push back against the growth of cybercrime. Help spread awareness by sharing the findings from this latest 2022 FBI IC3 report. We created an infographic to help you do that easily.
Want to learn more about cybercrime threats to real estate professionals and how you can boost your cybersecurity? Then take a moment to download the latest CertifID guide, The IT Security Stack for Title Professionals.
1 Federal Bureau of Investigation, Internet Crime Report, 2022
Co-founder & Executive Chairman
Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.
Editor's Note: This article refers to findings from the 2022 edition of the report. This report has since been updated. For data from 2023, read our findings.
In 2022, cybercrime losses grew a staggering 47% from the year before, topping $10 billion in reported losses. An incident was reported to the FBI every 39 seconds.
The world of cybercrime is constantly evolving, and staying ahead of the latest threat vectors is essential to protect ourselves, our businesses, and our clients. This is especially true in the real estate industry, in which nearly $3 trillion worth of funds are transacted annually as properties close and mortgages are paid.
Although reported cyber losses reached their highest level, the number of reported incidents was down nearly five percent. This trend suggests that cyber perpetrators are focused on high-value targets and are willing to play a long, sophisticated game to defraud their victims. As the fraud landscape continues to change, the latest 2022 report from the FBI’s Internet Crime Complaint Center (IC3)1 provides insight into the latest trends and threat vectors that must be managed.
Here are some key takeaways from the report and what they mean for you, your customers, and your vendor partners.
One of the most significant findings in the Internet Crime Report 2022 is that investment scams overtook business email compromise (BEC) as the most significant source of financial loss. According to the report, these scams increased from $1.45 billion in 2021 to $3.31 billion in 2022—a 128% jump.
This shift is due to the rise of crypto investment schemes, which are often enabled by so-called "pig butchering" operations. These scams start after the scammer gains the victim’s trust and offers an investment opportunity in a cryptocurrency that promises high returns. In reality, the scammer is operating a fraudulent investment scheme that uses funds from new investors to pay off earlier investors, creating the illusion of profit. After extracting large sums of money from a victim, the scammers vanish, and the scheme is exposed.
This dramatic shift in the use of digital currency in place of fiat currency is a reminder that the world of cybercrime is always changing, and criminals are constantly adapting their tactics to try and stay ahead of law enforcement and security controls.
Business email compromise (BEC) has been the largest source of loss in the annual FBI IC3 reports for the last several years. Despite dropping to second place in 2022, BEC remains a top threat vector. BEC caused $2.7 billion in financial loss in 2022, growing 14% from 2021. The success of this type of scam has been staggering over the past five years, as it has grown from $676 million in reported losses in 2017 to $2.7 billion in 2022.
As the FBI IC3 report explains, BEC is “carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
New technologies—such as caller ID spoofing, artificial intelligence, open source intelligence, and SS7 exploit kits—help cybercriminals expand their use cases and perfect their scams. So long as email, voicemail, and texts continue to be modes of communication, BEC will persist as a key enabler of cybercrimes that we must watch out for.
There is a common perception that cybercrime is mainly targeted at older age groups, often because they are less tech-savvy. However, the IC3 data does not support this notion.
In fact, cybercriminals are becoming increasingly adept at tailoring their tactics to the preferences of each age group, with victims 30-39 years old reporting the largest number of fraud complaints in 2022. For example, younger people may be targeted more often with crypto-related scams, whereas older people are targeted in phone-based, call-center scams.
However you look at this growing problem, the answer is clear: Targeted education and awareness campaigns about recognizing and avoiding common cyber threats aimed at different age groups are just as important as any security technology. In the two largest segments of cybercrime by loss statistics—BEC and investment scams—victims were socially engineered into transferring funds for something they believed was in their best interest. The first (and best) lines of defense against social engineering are education and awareness.
Five states (California, Texas, Florida, New York, and Georgia) make up almost half of all reported losses. California alone accounted for more than 20% of all reported cyber losses, racking up over $2 billion in victim claims in 2022.
These five states stand out due to a combination of factors, including larger population size, greater concentration of valuable real estate properties, and larger transaction volumes. This is important for real estate professionals and home buyers and sellers. We know that these cybercrime rings seek the highest probability of success, so for businesses and consumers in those states, the likelihood of being victimized may remain higher than in other states.
Falling victim to fraud is devastating, but reporting incidents is essential to fight against cybercrime.
Although the FBI’s report provides some remarkable numbers and figures, the team behind the report knows that not everyone who experiences a fraud event reports their losses to law enforcement. This makes it difficult for authorities to track down and prosecute cybercriminals because they need more data points to identify trends and key players. It’s important to give federal law enforcement the data needed to combat these malicious crimes.
Unfortunately, in the time it took you to read this article, at least four new individuals likely fell victim to a cybercrime.
Although this data can be disheartening, shining a light on the problem and rallying involvement from across the real estate industry is a necessary step to push back against the growth of cybercrime. Help spread awareness by sharing the findings from this latest 2022 FBI IC3 report. We created an infographic to help you do that easily.
Want to learn more about cybercrime threats to real estate professionals and how you can boost your cybersecurity? Then take a moment to download the latest CertifID guide, The IT Security Stack for Title Professionals.
1 Federal Bureau of Investigation, Internet Crime Report, 2022
Co-founder & Executive Chairman
Tom Cronkright is the Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud. He co-founded the company in response to a wire fraud he experienced and the rising instances of real estate wire fraud. He also serves as the CEO of Sun Title, a leading title agency in Michigan. Tom is a licensed attorney, real estate broker, title insurance producer and nationally recognized expert on cybersecurity and wire fraud.