Americans lost a record $12.5 billion to online fraud last year

More than $12.5 billion was lost in 2023 to online fraud in cases reported by the American public, according to the FBI’s annual Internet Crime Report — a 22% increase on the year before.

The report compiles information from the FBI’s Internet Crime Complaint Center (IC3) and shows a steady increase in fraud nearly across the board. The center registered more than 880,000 complaints. IC3 aggregates data only for reported cases, so the actual dollar figures could be much higher.

Investment fraud resulted in the most losses of any type of digital crime, spiking to $4.57 billion, a 38% jump on the year before. According to the FBI, $3.94 billion of those losses were connected to cryptocurrency investment fraud.

Since 2021, reported annual investment fraud losses have more than tripled, fueled by social engineering attempts like pig butchering scams — when victims are made to believe they have a personal relationship with a scammer, who then persuades them to make a fraudulent cryptocurrency investment. Many of the scams originate in Southeast Asia and are highly organized operations overseen by crime syndicates taking advantage of forced labor.

“Notably, different age groups tended to be impacted by different crimes,” the FBI said in the report. “Victims 30 to 49 years old were the most likely group to report losses from investment fraud.”

The second most damaging type of crime highlighted by IC3 were business email compromise (BEC) scams, which accounted for $2.9 billion in losses. These often involve compromised vendor accounts, requests for W-2 information and real estate scams.

As the FBI warned last year, scammers “are increasingly using custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors, or having targeted individuals send funds directly to these platforms where funds are quickly dispersed.”

“With these increased tactics of funds going directly to cryptocurrency platforms and third-party payment processors… it emphasizes the importance of leveraging two-factor or multi-factor authentication as an additional security layer,” they said.

Ransomware was also on the rise after dipping in 2022, and adjusted losses rose 74% to nearly $60 million.

The agency received nearly 1,200 complaints from organizations within a critical infrastructure sector affected by a ransomware attack, with the healthcare sector making up 249 of those complaints.

The report did highlight some positives in what was overall an alarming year for cyber fraud.

The IC3’s Recovery Asset Team (RAT) froze more than $538.39 million following complaints of fraud. The team was set up in 2018 as a liaison between financial institutions and field offices to recover stolen assets.

In one case, the RAT filed a Financial Fraud Kill Chain (FFKC) request — a process for recovering large international wire transfers stolen from U.S. accounts — after a “critical infrastructure construction project entity” in New York reported a $50 million loss from a BEC scam, and the bank was able to freeze the assets in the account.

In all, the team filed more than 3,000 such requests and was able to recover more than 70% of funds in those cases.