EDIT: Jerome Cristobal
MANILA, Philippines—Last year, countries across the world experienced an unprecedented increase in cyber attacks and malicious activity, according to data from the US Federal Bureau of Investigation’s Internet Crime Report 2021 released last week.
However, the report also highlighted one of the biggest global impacts of cybercrime. According to the FBI, aside from the increasing reports in cases of cybercrime, losses as a result of cybercrime likewise significantly rose last year.
In this article, INQUIRER.net will detail the FBI’s recent findings on the mounting costs of cybercrime as well as some ways to keep yourself protected and secure against cyber attacks.
Costliest cybercrime
The FBI’s Internet Crime Complaint Center (IC3) found that cybercrime reports and complaints gathered across the world, but mainly from the US, had brought losses exceeding an estimated P360B ($6.9B).
The figure was a huge jump from the P210B ($4.2B) recorded by the FBI IC3 in 2020.
In terms of financial losses suffered and reported by victims, the FBI IC3 identified business email compromise (BEC) and personal email account compromise (EAC) as the costliest types of cybercrime reported last year across the globe with estimated losses of up to P124,709,369,056 ($2,395,953,296).
GRAPHIC: Jerome Cristobal
BEC, according to the FBI, refers to a scam that targets businesses working with foreign suppliers and/or businesses that are regularly performing wire transfer payments.
EAC, on the other hand, is a similar scam but targets individuals or personal email accounts.
“These sophisticated scams are carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds,” the FBI said in the report.
The second most costly type of cybercrime based on FBI IC3’s data was investment scams or the deceptive practice which induces investors to make purchases based on false information.
This type of scam, the FBI explained, “usually offers the victims large returns with minimal risk” which makes it more enticing for some people.
Investment scams were responsible for financial losses worth around P75,781,843,195 ($1,455,943,193).
In third place was confidence or romance fraud, which resulted in losses of up to P49,761,868,467 ($956,039,740) last year.
“An individual believes they are in a relationship (family, friendly, or romantic) and are tricked into sending money, personal and financial information, or items of value to the perpetrator or to launder money or items to assist the perpetrator,” the FBI said.
“This includes the Grandparent’s Scheme and any scheme in which the perpetrator preys on the complainant’s ‘heartstrings’,” they added.
GRAPHIC: Jerome Cristobal
Also among the top 10 types of internet crimes which caused the highest financial losses last year were:
- Personal data breach: P26,910,958,092($517,021,289)
- Real estate or rental scams: P18,234,581,040 ($350,328,166)
- Tech support scams: P18,095,569,335 ($347,657,432)
- Non-payment or non-delivery scams: P17,566,514,345 ($337,493,071)
- Credit card fraud: P9,004,565,939 ($172,998,385)
- Corporate data breach: P7,889,126,111 ($151,568,225)
- Government impersonation scams: P7,424,581,318 ($142,643,253)
“The report was released on the heels of US warnings about an expected increase in Russian cyberattacks as retaliation for sanctions imposed on the country in the aftermath of its invasion of Ukraine,” said Katharina Buchholz, senior data journalist at consumer company Statista.
READ: The Costliest Types of Cyber Crime
Last week, US President Joe Biden warned American businesses to take precautions amid “evolving intelligence” that Russia could launch cyberattacks against American companies and critical infrastructure.
“The US government also warned about possible Russian cyberattacks on infrastructure like the electrical grid, water treatment plants, or hospitals,” Buchholz added.
On March 23, US national security adviser Jake Sullivan said that North Korea is working with cybercriminals across the world, including those from Russia.
READ: North Korea working with Russian cybercriminals–US nat’l security adviser
Countries fall prey to cybercrime
The FBI IC3’s data were composed mostly of reports by victims from the US or around 59 percent, 38 percent were from the UK and 3 percent were from victims elsewhere.
In the report, the FBI listed the top 20 countries with the most cybercrime victims, or individual complaints, submitted to the IC3 last year―excluding the US.
- Canada: 5,788 victims
- India: 3,131 victims
- Australia: 2, 204 victims
- France: 1,972 victims
- South Africa: 1,790 victims
- Germany: 1,429 victims
- Mexico: 1,326 victims
- Brazil: 1,053 victims
- Philippines: 1,051 victims
- Netherlands: 673 victims
- Greece: 585 victims
- China: 571 victims
- Spain: 560 victims
- Argentina: 538 victims
- Pakistan: 530 victims
- Italy: 517 victims
- Malaysia: 443 victims
- Turkey: 422 victims
- Japan: 419 victims
During the pandemic, cases of text scams with dodgy job offers that seemed too good to be true and are sent by random mobile phone numbers have been on the rise in the Philippines.
GRAPHIC: Jerome Cristobal
Those text messages usually go like this:
“Dear, I am a human resources manager. You have been selected for a part-time/full-time job. Now you can reach P800-P10,000/day,” including an attached link, which the sender will ask you to click or open to proceed with the application process.
According to the National Privacy Commission (NPC), these shady job offers through text messages are considered as “smishing”—a combination of SMS (short message service) and phishing —a variation of phishing through which mobile phone users are tricked into sharing private information.
“Smishing is a type of phishing attack that targets victims through mobile text messaging or SMS. Smishing attacks occur when threat actors send text messages to trick subscribers into clicking malicious websites,” the NPC explained.
READ: Cyber criminals run rampant via SMS, prey on Filipinos in need of jobs
Last year, 323,972 individuals across the globe became victims of smishing, phishing, dishing, and harming. These cases resulted in financial losses worth P2,305,125,828 ($44,213,707).
Another type of cybercrime that became heavily reported during the pandemic and has affected many Filipinos last year was a scam involving online banking.
READ: As holidays beckon, bank clients reminded of anti-fraud steps
Prevent cyber attacks
To keep their clients safe against unauthorized transactions, fraud, and scams, BDO Unibank has previously released some tips. These were:
- Do not share personal information—These include bank account numbers, usernames, passwords, and OTPs. Scammers can steal identities, access online bank accounts, and steal money using these pieces of information.
- “The bank advises all to be prudent in posting personal info on social media channels. If the profile is public, best keep it on private mode for added protection,” BDO said.
- Do not click on website links—Fraud attacks, according to BDO, can come in the form of emails, SMS messages, phone calls, or messages via social media channels and a website link.
- “Do not click on these links. These links will lead to a website identical to a legitimate company’s official site. Here, scammers can harvest personal information,” the bank’s management said.
GRAPHIC: Jerome Cristobal
The Department of Information and Communications Technology (DICT) advised the public to “be wary of unverified and unproven COVID-19 websites or applications that require you to give your personal data.”
“These websites and applications might be used by online scammers. Cybercriminals will do anything to obtain personal information, especially your financial and banking details.”
- Do not share OTPs—OTPs sent out through text messages are considered as an added layer of protection, especially for banks and account holders.
- Be cautious at all times
The Philippine National Police (PNP) likewise reminded the public to be extra vigilant and careful with their online and social media transactions.
“When using social media, be careful not to accept random friend requests. Cybercriminals often create fake accounts to befriend you. Trust no online friends unless you know them personally,” the PNP-PIO said last week.
“A common method of cybercriminals is to hack into personal computers or gadgets to send them e-mails with infected attachments. It is important to note not to respond to these dubious e-mails with embedded links. Don’t open links and attachments when in doubt. Such communication may be classified as phishing e-mails,” it added.
READ: PNP: Be careful online; beware of cybercrime, bank fraud
The Bankers Association of the Philippines (BAP) has recently released a statement, which says:
“An important reminder: You will never be a victim of cybercrime if you would never give your personal information, such as one-time password, to other people. If you do not give your personal information to others, cybercriminals will never be able to steal your money.”
The statement, however, was answered by then National Privacy Commission chief Raymund Liboro who told the banking community to not blame the victims.
Kaspersky―global cybersecurity and digital privacy company
―recommended digital payment providers to adopt the following measures:
- Ensure prompt patching and updating of software to prevent adversaries from penetrating the system.
- Implement high-grade encryption for sensitive data and enforce strong credentials and multi-factor authentication.
- Use effective endpoint protection with threat detection and response capabilities “to block access attempts, and managed protection services for efficient attack investigation and expert response.”
- Educate customers and employees on possible tricks fraudsters may use.
- Conduct annual security audits and penetration tests to find security issues in a company’s networks.
- Install a fraud prevention solution which can be quickly adapted for identifying new attack schemes and methods.
“While some of the preventive measures are not entirely new and have been around for some time, it is crucial to consider how security features can be integrated in a manner without compromising the user experience,” said Chris Connell, managing director for Asia Pacific at Kaspersky.