The FBI says that complaints concerning online scams and investment fraud have now reached a record-breaking level.

The Internet Crime Complaint Center (IC3) received its six millionth complaint on May 15. It took nearly seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints. It took only 14 months to add the most recent million. 

IC3 saw complaints increase nearly 70% between 2019 and 2020. The top three crimes reported by victims in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud.

Notably, 2020 saw the emergence of scams exploiting the COVID-19 pandemic. The increase in crimes reported in 2020 may have also been due in part to the pandemic driving more commerce and activities online. The latest numbers indicate 2021 may be another record year.

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says, "The report notes that business email compromise scams, romance and confidence schemes, and investment fraud were all leading financial loss attacks. Mobile devices make the perfect reconnaissance target for threat actors due to the unique data present. Malicious actors can harvest contact lists, credentials, private conversations, and social media content from mobile devices in order to plan subsequent attacks. These phishing attacks can even be launched from a coworker or friend’s infected device, improving the chances of success.

Schless adds, "Organizations need to ensure that no unauthorized users can gain access to their infrastructure. Implementing Zero Trust policies that assume no user or device can be trusted until proven otherwise will help mitigate this risk. Zero Trust Network Access (ZTNA) enables organizations to implement access policies that look at the context under which the device and the user, respectively, are attempting to access the corporate network. This could uncover anomalous activity such as a different login location than usual or malware lurking on a device before it connects."