IC3 Report 2022: 5 Key Takeaways About the State of Cybercrime
Todd Stansfield
—March 21, 2023
—3 min read
Each year, the FBI’s Internet Crime Complaint Center (IC3) publishes annual figures on the Internet crimes publicly reported to the IC3 by victims across the world. By detailing the total cost of reported cyberattacks and the costliest threats, the IC3 report provides valuable insight into the state of cybersecurity for organizations and consumers.
Here are five key takeaways from the IC3’s Internet Crime Report 2022.
1. Cyberthreats cost victims more
According to IC3 data, cyberattacks cost victims more in 2022 than ever before. Over the past five years, Internet crime losses have climbed year-over-year to reach a combined total of $27.6 billion (USD). Last year accounted for $10.3 billion, a more than 49% increase over 2021. While victim losses reached their peak in 2022, the number of cyberattacks fell 5% last year compared to the previous year.
2. Investment scams are the costliest threat
The IC3 report also reveals that investment scams were the costliest reported cyberthreat in 2022, accounting for $3.31 billion in losses, a 127% increase from 2021. Cryptocurrency fraud represented the largest share of this total, imposing a price tag of $2.57 billion, a 187% year-over-year increase.
Investment scams and other types of financial fraud have long been attractive to cybercriminals. Victims tend to be more susceptible to social engineering tactics that involve finances, and successful compromises can give hackers direct access to financial rewards. This explains why our Phishers’ Favorites Year-in-Review 2022 report found that the financial services industry—including investment and cryptocurrency institutions—was the most impersonated sector by hackers globally. It accounted for 34% of all unique phishing websites.
3. Phishing is the top Internet crime by victim count
Phishing remains the most common Internet crime reported by victims. While crimes in the IC3 report may be attributed to more than one crime category, phishing accounted for more than 300,000 reported incidents, more than four times the number of the second most popular crime type (personal data breaches). Like cyberattacks overall, the IC3 reported a 7% decrease in the number of phishing crimes in 2022, while the cost of the attacks increased by 18% to $52.1 million.
IC3’s findings follow similar trends observed and reported by Vade. In 2022, we detected 1.1 billion phishing emails globally, a decrease from the 1.2 billion detected in 2021.
Annual phishing volumes detected by Vade since 2016
Vade researchers have observed a consistent pattern of hackers deploying more targeted and sophisticated attacks instead of historically indiscriminate and broad scale campaigns. This suggests that hackers are committed to improving the quality of their attacks at the expense of quantity and may help explain the increase in victim losses per phishing attack.
4. Business email compromise (BEC) continues to haunt victims
The IC3 report illustrates that BEC attacks (also known as spear phishing) continue to cost victims significantly. The financially motivated attack method, which represented the second costliest in the 2022 report, resulted in damages of more than $2.7 billion, up 14% from $2.4 billion in 2021.
While the damages from BEC attacks remain persistently high, the IC3 identifies the emergence of several new variants of the threat. Schemes targeting investment and cryptocurrency accounts are joining traditional BEC scams, including CEO fraud and gift card scams.
5. Ransomware still wreaks havoc
In 2022, ransomware was a costly and disruptive cyberthreat for the victims included in IC3 report. Overall, the FBI recorded 2,385 victims and combined losses of more than $34.3 million in 2022.
Phishing attacks remain the top method of distributing ransomware, as well as exploiting software vulnerabilities and Remote Desk Protocol (RDP). The report notes an increase in extortion tactics used by ransomware actors against victims. Extortion methods enable hackers to exert more pressure on victims to comply with ransom demands by threatening data loss or leaks.
What the IC3’s findings mean
The latest IC3 report confirms the uncomfortable reality for organizations of all sizes and industries. Cyberattacks are inflicting more damage than ever across nearly every major crime category—including phishing, malware, and BEC. And the common denominator remains email, the top vector for cyberthreats before and after an initial compromise.
Safeguarding your business and clients in 2023 calls for leveling up your email security. Vade for M365 is a collaborative email security solution for Microsoft 365 blocks and remediates advanced phishing, BEC, malware and ransomware, and other email-borne threats with a collaborative AI engine that catches what Microsoft misses. Vade’s AI engine continuously learns from an alliance of more than 1.4 billion protected mailboxes, millions of daily user reports, and a team of cybersecurity analysts.