The FBI’s Internet Crime Complaint Center (IC3) released its 2021 Internet Crime Report , showing another sharp increase in cyber-enabled crime, business email compromise, and phishing scams.  According to the report, last year “Americans experienced an unprecedented increase in cyber attacks and malicious cyber activity” as cyber criminals continued to exploit the COVID-19 pandemic and in-person meeting restrictions to breach telework or virtual communication practices between people.  Business email compromise (BEC) losses grew to a staggering total of $2.4 Billion last year, an increase of 33 percent from the year before.  

Below, you will find a summary of the most important findings and trends from the IC3 report and a list of strategies to protect yourself and your customers from fraud. We also include details on how to recover funds if you or someone you know gets defrauded. You can also download our infographic, "Cybercrime on the Rise: Select Findings from the FBI's 2021 Internet Crimes Report."

IC3 Report Summary 

In total, the IC3 received 847,376  total complaints in 2021, a 7 percent increase from the year before. That’s an average of over 2,300 complaints per day or one every 37 seconds.  

Reported losses due to internet crime totaled $6.9 billion last year, a 64 percent increase from 2020, an alarming statistic given that 2020 was the year of complete disruption due to the COVID-19 pandemic. Of that amount, $2.4 billion, or 35 percent of all reported loss, was attributable to BEC, an increase of 33 percent from the year before.  

‍

The average BEC loss continues to increase as well. In 2021, cybercriminals diverted an average of $120,277 per BEC incident, up 29% percent from 2020. BEC holds its position as the largest and fastest-growing cybercrime in the country.

Phishing-related scams were on the rise again last year as well. These scams increased by 34 percent from the year before and a concerning 182 percent from 2019. Last year, cybercriminals saw opportunities to create well crafted and timely phishing campaigns around COVID variants, vaccination requirements, work-from-home policies, and other trends to lure people into clicking fraudulent links or opening malicious attachments and providing account credentials. Armed with email or other sensitive account access, cybercriminals may deploy numerous scams against the account holder or others associated with them.  

Takeaway: Cyber criminals continue to harvest billions of dollars each year from businesses and consumers across the country. With seemingly endless opportunities and ultra-high profit margins per scam, multinational fraud syndicates have a compelling economic incentive to continue investing in the talent, technology, and financial infrastructure to grow their operations. This growing threat will require consumers and businesses to become more educated, engaged, and vigilant on the cyber-risks facing their personal and professional lives.   

Who’s At Risk for Fraud? 

While all age categories reported cybercrime losses, 74 percent came from individuals over the age of 40 showing that the generations holding the most disposable income and wealth in the country continue to be top targets for today’s cybercriminals. Here is a breakdown of losses by age: 
‍

• Under 20: 14,919 complaints and $101,400,000 in losses 

• 20-29: 69,390 complaints and $431,100,000 in losses 

• 30-39: 88,448 complaints and $937,300,000 in losses 

• 40-49: 89,184 complaints and $1,190,000,000 in losses 

• 50-59: 74,460 complaints and $1,260,000,000 in losses 

• Over 60: 92,371 complaints and $1,680,000,000 in losses

What States Reported the Most Victim Losses? 

The IC3 received reports of cybercrime from all 50 states, but here’s a list of the top 10 states where the highest amount of losses were reported: 

1. California: $1,227,989,139 
2. Texas: $606,179,646 
3. New York: $559,965,598 
4. Florida: $528,573,929  
5. Pennsylvania: $206,982,032
6. New Jersey: $203,510,341
7. Illinois: $184,860,704
8. Michigan: $181,622,993
9. Virginia: $172,767,012
10. Washington: $157,454,331

‍

Real Estate Fraud Losses 

Home prices continue to experience year-over-year double-digit price increases with the median sales price of a home exceeding $400,000 at the end of 2021. Rising home values means bigger opportunities for cyber scammers to divert incoming and outgoing wire transfers of closing funds.   

In 2021, a reported 11,578 people were victimized by real estate-related crimes, a 15 percent decrease from 2020.  Despite the decrease in number of reported victims of real estate-related crimes, the total reported losses totaled $350,328,166, an increase of 64 percent over 2020.  

Historically low housing inventory levels have created a heightened level of stress for home buyers and home sellers. This stress is compounded by a lack of experienced talent in the title and settlement industry to keep pace with the historic demand for purchase and refinance closings in 2021. These factors created an environment where all parties in a real estate transaction became more susceptible to being socially engineered and tricked into sending funds to fraudulent bank accounts. Buyers sending in their closing funds via wire transfer experienced devastating losses in 2021. Similarly, we saw a spike in mortgage payoff fraud as cyber criminals intercepted and manipulated mortgage payoff statements in order to divert the transfer of funds from title companies responsible for settling such loans after closing. 

Recently, we sat down with Krista, a victim of real estate wire fraud. As an educated professional and first-time home buyer, she experienced firsthand the frenzy of the current housing market. After placing offers on multiple properties that were rejected, she finally secured a property but had to wait nearly six months for construction to be complete. She safely sent her earnest money deposit to her title company at the beginning of the transaction, but she was defrauded of her life savings of over $20,000 when a fraudster spoofed her title company and convinced her to wire funds to a fraudulent account. CertifID was able to step in and help her recover a large portion of her funds, but the event could have cost her the ability to close on the home. She shared her story and hopes real estate professionals will help better protect their clients from the same thing happening to them. Hear Krista’s story on being a wire fraud victim.  

How to Recover Stolen Funds 

Since the beginning of 2021, CertifID’s Funds Recovery Services Team has led over 150 successful funds recovery efforts returning more than $42 million to victims of wire fraud. Unfortunately, this year is off to a staggering start regarding BEC and real estate transactions with evidence of mortgage payoff and buyer cash-to-close wires at risk of being stolen.  

Our founder and executive chairman, Thomas Cronkright, is a large title agency owner and a wire fraud victim himself. So he knows firsthand what it is like to experience fraud at the hands of cybercriminals. While we hope it is never the case, we have created a complete guide on how to recover from wire fraud to help provide steps on what to do if you believe you’ve been a fraud victim.  

‍If you or your customer suspects that funds have been stolen, here are the steps you need to take to recover:  
‍

Step 1: Contact your bank and initiate a SWIFT recall on the wire transfer that left your account.

‍Step 2: File a complaint with the FBI’s Internet Crime Complaint Center (IC3). 
‍

Step 3: Contact your local FBI or U.S. Secret Service field office and provide the IC3 complaint number. 
‍

Step 4: Contact all banks that may have also received your funds. 
‍

Step 5: Contact local authorities and file a police report. 
‍

Final step: Contact your security team, IT department, or consultant and initiate “The Information Technology Kill Chain.” 

How to Protect You and Your Customers from Fraud 

While there is no silver bullet to cybercrime prevention, there are three pillars that will lower the risk of being a victim: awareness, education, and communication. 
‍

Awareness 

Creating awareness around cybercrime and educating yourself and your customers is the first line of defense.  

Social engineering, phishing, and other cyberscam strategies are becoming more advanced, believable, and less noticeable. 

It’s becoming more difficult to detect messages from a scammer as they perfect the timing and communications to make their scams more believable.

No matter your age, occupation, or location, you could be at risk.

If your company is responsible for handling escrowed funds, make sure you develop an incident response plan so that you are prepared to act if a cyber incident occurs. Remember, minutes matter!  
‍

Education 

Another way to help protect yourself is education. Do your due diligence, research, stay up to date on cyber trends, refine your strategies, and invest in solutions that keep you safe. Anytime you are making decisions involving large amounts of money, always take time to review everything and never do anything when you’re rushed.  

‍

Communication 

The last way to help protect yourself is communication. Make sure everyone is aware of the risks associated with emails, wire transfers, and potential spoofed identities. Confirm that all parties in a transaction understand how funds will be transferred safely and what to watch out for as it relates to “new” or “updated” wire transfer requests. Everyone needs to be on high alert. If anyone in the situation feels like something is off, they need to communicate that to everyone else. Even if it is a false alarm, it is better to be alarmed for a few minutes versus not thinking twice and losing a large amount of money to a cyber fraudster. 

If you’re looking for additional information on fraud, make sure to check out our Resources page.