Pennsylvanians lost nearly $251 million due to internet crime in 2022, ranking the commonwealth in the top 10 states, according to the FBI’s 2022 Internet Crime Complaint Center report. That’s up from $207 million in 2021. Nationwide, there were $10.3 billion in losses from internet crime last year.
The number of victims reporting crimes in Pennsylvania was 14,714 in 2022, down from more than 17,000 in 2021.
Real estate/rental-related internet victim losses nationwide rose more than $40 million to nearly $397 million last year, compared to $350 million in 2021.
“Developments in artificial intelligence have also allowed cyber threat actors to create increasingly convincing email scams and phishing messages,” said Sean Stajkowski, intelligence analyst II, Pennsylvania Criminal Intelligence Center.
Business email compromise, also known as BEC, saw a rise in complaints to the FBI’s IC3 division. Nationwide, victims lost more than $2.7 billion due to BEC. According to the IC3 report, “BEC is a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
The report notes there is an increasingly prevalent tactic by BEC bad actors of spoofing legitimate business phone numbers to confirm fraudulent banking details with victims. It specifically notes that one example of this crime is victims report having called a title company, real estate agent or other real estate related professional using a known phone number, only to discover the phone number has been spoofed.
“Developments in artificial intelligence have also allowed cyber threat actors to create increasingly convincing email scams and phishing messages,” said Sean Stajkowski, intelligence analyst II, Pennsylvania Criminal Intelligence Center. “Malicious AI tools can be trained using alternative data models leading to more proficient future campaigns. Previous obstacles for a cyber threat actor, such as a non-native language or the development of a fraudulent website, can be alleviated by AI tools, increasing the effectiveness of the scam.”
“Procedures should be put in place to verify payments and purchase requests outside of e-mail communication and can include direct phone calls but to a known verified number and not relying on information or phone numbers included in the e-mail communication. Other best practices include carefully examining the email address, URL and spelling used in any correspondence and not clicking on anything in an unsolicited email or text message asking you to update or verify account information,” the report noted.
The IC3 Recovery Asset Team is tasked with streamlining communication with financial institutions and assisting FBI field offices when freezing funds for victims who made transfers to domestic accounts under fraudulent requests.
Last year, RAT had a 73% success rate in investigative and recovery efforts.
If someone believes they are a victim of BEC, they should:
- Contact the originating financial institution as soon as the fraud is recognized to request a recall or reversal and a Hold Harmless Letter or Letter of Indemnity.
- File a detailed complaint with IC3.gov. It is vital the complaint contains all required data in the provided fields, including banking information.
- Visit IC3.gov for updates regarding BEC trends as well as other fraud schemes targeting specific populations, like trends targeting real estate, pre-paid cards and W-2s.
- Never make any payment changes without verifying the change with the intended recipient; verify email addresses are accurate when checking email on a cell phone or other mobile device.
If you or your client are the victims of an internet crime, you should file a report with the FBI’s Internet Crime Complaint Center and contact your local police department.