2022 FBI IC3 Report: Five Takeaways from the Latest Report on Cybercrime

Editor's Note: This article refers to findings from the 2022 edition of the report. This report has since been updated. For data from 2023, read our findings.

‍

In 2022, cybercrime losses grew a staggering 47% from the year before, topping $10 billion in reported losses. An incident was reported to the FBI every 39 seconds.

The world of cybercrime is constantly evolving, and staying ahead of the latest threat vectors is essential to protect ourselves, our businesses, and our clients. This is especially true in the real estate industry, in which nearly $3 trillion worth of funds are transacted annually as properties close and mortgages are paid.

Although reported cyber losses reached their highest level, the number of reported incidents was down nearly five percent. This trend suggests that cyber perpetrators are focused on high-value targets and are willing to play a long, sophisticated game to defraud their victims. As the fraud landscape continues to change, the latest 2022 report from the FBI’s Internet Crime Complaint Center (IC3)¹ provides insight into the latest trends and threat vectors that must be managed.

Here are some key takeaways from the report and what they mean for you, your customers, and your vendor partners. 

Key Takeaway #1: Investment scams emerged as the largest source of cybercrime loss in the US last year.

One of the most significant findings in the Internet Crime Report 2022 is that investment scams overtook business email compromise (BEC) as the most significant source of financial loss. According to the report, these scams increased from $1.45 billion in 2021 to $3.31 billion in 2022—a 128% jump.

This shift is due to the rise of crypto investment schemes, which are often enabled by so-called "pig butchering" operations. These scams start after the scammer gains the victim’s trust and offers an investment opportunity in a cryptocurrency that promises high returns. In reality, the scammer is operating a fraudulent investment scheme that uses funds from new investors to pay off earlier investors, creating the illusion of profit. After extracting large sums of money from a victim, the scammers vanish, and the scheme is exposed. 

This dramatic shift in the use of digital currency in place of fiat currency is a reminder that the world of cybercrime is always changing, and criminals are constantly adapting their tactics to try and stay ahead of law enforcement and security controls.

Key Takeaway #2: Business email compromise (BEC) continued to be significant.

Business email compromise (BEC) has been the largest source of loss in the annual FBI IC3 reports for the last several years. Despite dropping to second place in 2022, BEC remains a top threat vector. BEC caused $2.7 billion in financial loss in 2022, growing 14% from 2021. The success of this type of scam has been staggering over the past five years, as it has grown from $676 million in reported losses in 2017 to $2.7 billion in 2022. 

As the FBI IC3 report explains, BEC is “carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

New technologies—such as caller ID spoofing, artificial intelligence, open source intelligence, and SS7 exploit kits—help cybercriminals expand their use cases and perfect their scams. So long as email, voicemail, and texts continue to be modes of communication, BEC will persist as a key enabler of cybercrimes that we must watch out for. 

Key Takeaway #3: Demographics are shaping cyber criminals’ tactics.

There is a common perception that cybercrime is mainly targeted at older age groups, often because they are less tech-savvy. However, the IC3 data does not support this notion. 

In fact, cybercriminals are becoming increasingly adept at tailoring their tactics to the preferences of each age group, with victims 30-39 years old reporting the largest number of fraud complaints in 2022. For example, younger people may be targeted more often with crypto-related scams, whereas older people are targeted in phone-based, call-center scams.

However you look at this growing problem, the answer is clear: Targeted education and awareness campaigns about recognizing and avoiding common cyber threats aimed at different age groups are just as important as any security technology. In the two largest segments of cybercrime by loss statistics—BEC and investment scams—victims were socially engineered into transferring funds for something they believed was in their best interest. The first (and best) lines of defense against social engineering are education and awareness. 

Key Takeaway #4: Five states stand out with the highest losses.

Five states (California, Texas, Florida, New York, and Georgia) make up almost half of all reported losses. California alone accounted for more than 20% of all reported cyber losses, racking up over $2 billion in victim claims in 2022.

These five states stand out due to a combination of factors, including larger population size, greater concentration of valuable real estate properties, and larger transaction volumes. This is important for real estate professionals and home buyers and sellers. We know that these cybercrime rings seek the highest probability of success, so for businesses and consumers in those states, the likelihood of being victimized may remain higher than in other states. 

Key Takeaway #5: Reporting losses is critical to fighting back.

Falling victim to fraud is devastating, but reporting incidents is essential to fight against cybercrime. 

Although the FBI’s report provides some remarkable numbers and figures, the team behind the report knows that not everyone who experiences a fraud event reports their losses to law enforcement. This makes it difficult for authorities to track down and prosecute cybercriminals because they need more data points to identify trends and key players. It’s important to give federal law enforcement the data needed to combat these malicious crimes.

It’s time to fight back against cybercrime!

Unfortunately, in the time it took you to read this article, at least four new individuals likely fell victim to a cybercrime. 

Although this data can be disheartening, shining a light on the problem and rallying involvement from across the real estate industry is a necessary step to push back against the growth of cybercrime. Help spread awareness by sharing the findings from this latest 2022 FBI IC3 report. We created an infographic to help you do that easily. 

‍

Want to learn more about cybercrime threats to real estate professionals and how you can boost your cybersecurity? Then take a moment to download the latest CertifID guide, The IT Security Stack for Title Professionals.

‍

¹ Federal Bureau of Investigation, Internet Crime Report, 2022

‍