FBI 2022 IC3 Report Key Findings: Phishing, BEC, and Ransomware Remain Top Threats

Every year, the [FBI’s Internet Crime Complaint Center (IC3)]( receives over half a million complaints from individuals and organizations who have fallen victim to or have been targeted by cybercriminals and their damaging scams. In 2022, the center received over 800,000 complaints, a slight decrease from the previous year. While the number of reported complaints may have decreased, the reported losses attributed to them continued to rise significantly with over *$10 billion in reported losses in 2022 alone* (up from $6.9 billion in 2021).

[Business email compromise (BEC)](, phishing, and investment scams are the top incidents reported in 2022. **BEC complaints alone resulted in a reported loss of upwards of $2.7 billion dollars, putting it in 2nd place on the list of crime types when ranked by financial losses.** The number one ranking crime type in 2022 by losses was investment scams, with a combined loss of $3.3 billion reported by victims.

Below, we break down some of the key findings from this year’s [Internet Crime Report 2022](, released by the FBI on March 10th, 2023.

## **5 Key Findings from the FBI’s 2022 Internet Crime Report (IC3)**

### **Loss Per Cybercrime Incident has Skyrocketed**

Sadly, losses have climbed to an all-time high, totaling over $10 billion in 2022, despite there being a 5% decrease in the number of reported complaints to the FBI. When we look at an overview of the last 5 years of data, the report highlights a steady year-over-year increase in the losses reported (2018 – 2022).

![Cybercrime Losses Reported to FBI 2022 ](×2322/c4fb78df3f/cybercrime-losses-2022.png “Cybercrime Losses Reported to FBI 2022 “)

### **BEC and Phishing Remain Top Crime Types**

The report also looks at the top 5 crime types reported over the last 5 years. Of the 5 most popular crime types, phishing dominates with the highest report rates for the last 3 years when compared with other types of crimes. **Phishing alone is responsible for over 300,000 victims in 2022 with $52 million in losses, an 18% increase from 2021.**

**Losses attributed to Business Email Compromise (BEC) have also continued to rise, with a reported 2.7 billion stolen in 2022.** The report also highlights the evolution of BEC scams and how hackers are more frequently utilizing this method to target investment accounts as opposed to just traditional banking accounts, stating that:

> These schemes historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. More recently, fraudsters are more frequently utilizing custodial accounts held at financial institutions for cryptocurrency exchanges, or having victims send funds directly to cryptocurrency platforms where funds are quickly dispersed. – IC3 Report, 2022

![Reported Financial losses from BEC 2022 ](×2658/e97a9c9279/bec-losses-reported-fbi.png “Reported Financial losses from BEC 2022 “)

### **Investment & Cryptocurrency Scams Top $3 Billion in Losses**

In 2022, investment scams were responsible for the largest financial loss. According to the FBI,

> Investment fraud complaints increased from $1.45 billion in 2021 to $3.31 billion in 2022, which is a 127% increase.

Crypto-investment scams significantly increased by 187% between 2021 and 2022 with $2.57 billion in losses reported in 2022. Tactics used for these crypto-investment scams range from liquidity mining, hacked social media accounts, celebrity impersonation scams, and employment scams. Many of these tactics involve enticing victims to take part in a too-good-to-be-true investment opportunity, only for the bad actor to then walk away with their money.

### **$34 Million Lost in Ransomware Attacks**

[Ransomware]( continues to be incredibly dangerous and pervasive, especially considering attacks look to target critical infrastructure. Such attacks can have negative effects on the larger population and not just on the isolated organization. **Reported adjusted losses from ransomware attacks in 2022 stand at $34 million.**

> Although cybercriminals use a variety of techniques to infect victims with ransomware, phishing emails, Remote Desktop Protocol (RDP) exploitation, and exploitation of software vulnerabilities remained the top initial infection vectors for ransomware incidents reported to the IC3. – IC3 Report, 2022

The sectors most frequently victimized by ransomware attacks in 2022 included healthcare and public health, critical manufacturing, and government facilities. The top 3 ransomware variants that were reported by critical infrastructure organizations that were victimized include LOCKBIT with the most reported incidents, followed by ALPHV/BlackCat, and lastly HIVE.

### **Illegal Call Centers Defraud Thousands of Victims**

Bad actors continue to pose as well-meaning customer support centers and government agencies to trick victims into handing over their money and personal data. **Losses related to support fraud totaled $1 billion in 2022.** Government impersonation attacks are up 68% and tech and customer support impersonation scams are up 132% since 2021. Sadly, this crime type overwhelmingly targets the elderly, with 69% of victims being over the age of 60.

## **Safeguard Your Organization from BEC, Phishing, and Ransomware Threats**

The FBI’s 2022 IC3 report shines a light on the continual and relentless attacks carried out by cybercriminals against organizations. **Email remains the most popular attack vector for cybercriminals to target organizations when attempting to steal money and confidential data.** Relying on end-users and security teams to manually detect and sort through email threats is both risky and burdensome.

With Armorblox, you’re able to leverage the power of natural language understanding (NLU) to detect and automatically remediate malicious emails before they hit your end-users inboxes while protecting sensitive outbound data from leaving the organization.

Take our quick product tour to see how Armorblox can protect your organization from cyber threats and data loss.