Cybercrime Losses Exceeded $12.5 Billion in 2023

Discover insights from the FBI's Internet Crime Complaint Center (IC3) report, revealing cybercrime losses exceeding $12.5 billion in 2023. Learn proactive cybersecurity measures to safeguard your organization from becoming a statistic in the IC3 2024 report.

Susan Morrow

When you continually hear that cybercrime is out of control and costs are spiraling, you would be forgiven for switching off. But this is precisely what cybercriminals want you to do. The latest report from the FBI’s Internet Crime Complaint Center (IC3) shows losses of over $12.5 billion in 2023. Instead of switching off and putting our heads in the sand, we must proactively respond to security. By doing so, your organization will not end up in the IC3 2024 report.

To guide you through the latest cybersecurity figures, TitanHQ will explore the IC3 report, looking for insights to help you protect your organization.

Did You Know?

90%

cyber attacks begin with phishing

10 minutes

to seamlessly install PhishTitan

$10.5 trillion

estimated global cybercrime cost

295 days

to stop & spot a phishing attack

Insights from the FBI IC3 Report for 2023

Understanding your enemy is the best way to defeat them. The insights from the FBI IC3 2023 report are enlightening in this respect.

IC3 is the FBI’s public-facing arm, allowing the bureau to capture the cybersecurity landscape in the USA. In 2023, the following data was captured:

880,418 complaints were registered with IC3 (a 10% increase on 2022 figures)
The three most costly types of crime were, in order:
- Investment fraud, accounting for $4.57 billion in 2023 (a 38% increase).
- Business email compromise (BEC), costing businesses $2.9 billion in reported losses.
- Tech support scams.
There were 2,825 reported ransomware incidents in 2023 (an increase of 18% on 2022 figures).
Phishing continues to be the most prevalent crime type, with 298,878 reported incidents in 2023. This indicates a continued use of human-centric cyber-attack tactics.

880,418 complaints were registered with IC3 (a 10% increase on 2022 figures)

FBI’s Internet Crime Complaint Center (IC3)

Examples of Security Incidents in the IC3 2023 Report

Spoof Email Scams

The IC3 received a security incident complaint from an individual in the Connecticut area. The scam centered on a real estate transaction and a spoof email. The individual received what turned out to be an email that looked like it was from their attorney requesting a wire transfer of $426,000.00 to a financial institution (FI). However, the email turned out to be a spoof. The individual did not realize this was a scam until after the money had been wired to the hacker’s bank account. In this case, the FBI could trace and return most of the money to the victim.

Impersonation Scams

IC3 records several categories of impersonation fraud. Tech/Customer Support and Government Impersonation are responsible for over $1.3 billion in losses. An example is the Phantom Hacker, a tech support scam that uses complex layers of fake tech support, financial institutions, and government personas to build trust with victims. Some targeted persons have lost their entire retirement savings. Between January and June 2023, IC3 recorded 19,000 tech support scams with an estimated total loss of over $542 million.

Business Email Compromise (BEC)

The IC3 received notice of a BEC scam that affected a critical infrastructure construction firm in New York. The fraud led to a $50 million loss. The FBI was able to retrieve around $46 million of the money.

Ransomware

Ransomware increased in 2023 after a brief decrease in 2022. IC3 received 2,825 ransomware complaints with losses of more than $59.6 million. Around 42% of ransomware incidents were attacks against the critical infrastructure sector. Healthcare and manufacturing were the two most targeted organizations. Two worrying modifications to ransomware attacks are the use of:

Multiple ransomware variants are used to target the same victim.
Threats of data destruction are used to pressure victims to pay the ransom.

The FBI does not encourage paying a ransom to criminal actors.

IC3 received 2,825 ransomware complaints with losses of more than $59.6 million.

FBI’s Internet Crime Complaint Center (IC3)

What Measures will Stop your Organization from Adding to the IC3 Report Stats?

Phishing/spoofing was by far the most utilized cybercrime technique. Research from a variety of other sources concurs with this finding. It is established that cyber-attacks, including Business Email Compromise (BEC), ransomware, and socially engineered scams, including impersonation-based scams, will utilize phishing to initiate the attack chain. This is borne out by over 90% of cyber-attacks starting with a phishing incident. As cybersecurity attacks become complex and evasive and use multiple stages, a single-point solution will no longer prevent an attack. An organization must deploy various security measures to stop these sophisticated human-centric attacks.

With this in mind, several measures are used together to lower the risk of a cyber-attack, as noted by IC3:

Educate your Users

Cybercriminals rely on manipulating people into performing an action that benefits the scammer. This could be clicking on a malicious link in an email, downloading an infected attachment, or unknowingly transferring money to a hacker’s bank account. Security awareness training is an essential first security measure to stop behavior manipulation from working. Advanced security awareness training solutions work at the behavior level, focusing on changing risky security actions that would otherwise lead to a cyber-attack. Solutions like SafeTitan also provide a simulated phishing platform that trains employees to identify and deal with phishing emails.

Hear from our Customers

We are planning to deploy to all our clients.

Since we deployed PhishTitan our users are more aware and better protected from phishing emails. The visual cues users get with suspicious emails is a great help. The Outlook Add-In also works fantastically. We are planning to deploy to all our clients. This is a definite win-win.

Hugh Meighan

President

PhishTitan is the Next Best Thing

Comments: We are a current customer of their SpamTitan product and have expanded our buy with the company because the products are sound and a great value. Ease of setup, Ease of deployment, Straightforwardness of features and settings.

Hugh

President

Another GREAT Product from TitanHQ

What can i say besides i LOVE these guys. they are on top of things. we currently are using most of the products and they are so easy to integrate to our MS365. on boarding was easy, this gives the user a way to make the decisions on the emails legitimacy.

John F.

Network Admin

TitanHQ is ever-evolving and advancing its tool stack to help business protect their data.

As a TitanHQ partner, we have used all their other products to help secure our customers. The addition of PhishTitan shows that TitanHQ is ever-evolving and advancing its tool stack to help businesses protect their data. PhishTitan is helping us layer in more protection right inside the M365 mailbox. With threat actors now having the assistance of AI to help them form their malicious email attacks, it is more important now than ever for us to use an AI-driven tool like PhishTitan.

Hunter McFadden

Owner

Easily Implemented Product

Pros: Great UI. Good detection service. URL Rewrites. Compliance and Regulation. Improved Security Posture. Enhanced Employee Awareness. Overall: The Support team are great at TitanHQ, helped us every step of the way with onboarding our 365 tenancy, since implementing we haven't had to make any changes, simply checking the dashboard for detections once a day.

A PhishTitan User

IT Support Technician

Use an Advanced Anti-Phishing Solution.

Sophisticated scams can still trick users even with an educated, watchful workforce. Mitigation is about de-risking, and each layer of a cybersecurity strategy will reduce this risk. Implementing an advanced anti-phishing solution is another essential layer in a multi-layered security approach. Integrated Cloud Email Security (ICES) uses behavioral analytics, AI, and natural language processing (NLP) to detect and prevent even the most sophisticated phishing attempts. Intelligent technologies allow an ICES solution, like PhishTitan, to identify evasive malware, multi-stage phishing attacks, QR code phishing, and emerging threats.

Patch

Cybercriminals invariably exploit software vulnerabilities at some point during a cyber-attack. For example, if a user opens a malicious attachment in an email, this attachment could be configured to identify and exploit a software flaw in a browser or other app. By ensuring that software patches are updated regularly, the likelihood of software vulnerability exploitation is minimized.

Use Multi-Factor Authentication (MFA)

Phishing is more difficult if access to apps and network areas is controlled by enforcing login using another authentication factor, such as an authentication code or biometric. However, cybercriminals can circumvent MFA under certain circumstances, so MFA must be used along with the other layers of protection.

Susan Morrow

DATA PROTECTION
EMAIL PHISING
EMAIL SECURITY

PhishTitan

SpamTitan

TitanHQ SAT

WebTitan

ArcTitan

EncryptTitan

Microsoft 365 Backup

Entra ID Backup

Managed Service Providers

Education - K12 Schools

Legal

SMBs

Education - UK Schools

Guest WiFi

Employee Phishing Training

Phishing Simulation Tool

Anti-Phishing Filter

Data Leak Prevention

Cisco Umbrella Alternative

Barracuda Alternatives

DNSFilter Alternative

Mimecast Alternative

Microsoft EOA Alternative

About

Testimonials and Case Studies

Careers

Branding

Events

MSP Partners