The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) has an annual Internet Crime Report, which contains critical insights into cyber threats based on aggregated data from complaints reported during the last calendar year. The 2023 report reveals large increases in both the frequency and financial impact.
In 2023, the IC3 received a record number of complaints. Some 880,418 complaints were reported, with potential losses exceeding $12.5B. This indicates a 10 percent increase in complaints, and a 22 percent increase in losses, when compared to 2022 data.
The most frequently reported crime in 2023 was phishing schemes, which use unsolicited e-mail, text messages, and telephone calls purportedly from a legitimate company to request personal, financial, and/or login credentials. Over 298,000 complaints were filed about phishing schemes last year, which accounted for approximately 34 percent of all complaints reported. "FBI Releases Internet Crime Report" www.ic3.gov (Apr. 04, 2024)
Commentary
Although phishing methods have been around for decades, they remain a popular choice for cybercriminals for one reason – they work.
The vast majority of this type of malware is delivered not through brute force, but through an undereducated user. Email and text messages remain the most common delivery method, but delivering malware via social media also exists.
Risky behaviors of employees could include clicking on a link, downloading an attached file, or simply going to a suggested website – all of which cybercriminals use as invitations to use to download a network infection.
A 2023 report from Malwarebytes ThreatDown Labs found Amazon, Rufus, Weebly, NotePad++, and Trading View to be the top five most impersonated brands used to trick unsuspecting users into clicking links or downloading attachments. In addition, Dropbox, Discord, 4sync, Gitlab, and Google emerged as the top five most abused hosts.