Internet Crime Complaint Center Marks 20 Years
From Early Frauds to Sophisticated Schemes, IC3 Has Tracked the Evolution of Online Crime
Throughout the 1990s, Americans took to the internet in droves. The decade saw the launch of the first web browsers, the introduction of now ubiquitous search engines, the birth of online commerce, and the ascendance of email as a go-to mode of communication.
As this new landscape bloomed, so did opportunities for criminals. The web offered easy access for cyber actors to target hundreds or even thousands of people at relatively low cost and risk.
When these crimes started occurring more frequently, the public was unsure where to turn for help. “People really didn’t know where to report internet scams or other online fraudulent activity,” said Internet Crime Complaint Center (IC3) Chief Donna Gregory. “And law enforcement agencies were saying: ‘What do we do with these? How do we handle them?’”
Recognizing the need to collect and assess information on cyber crime, the FBI started the Internet Fraud Complaint Center in May 2000 as a pilot project with the National White Collar Crime Center.
That center turns 20 this month. Renamed the Internet Crime Complaint Center (IC3) in 2002, the IC3 logged its 5 millionth complaint in March 2020. All that data has improved the public’s awareness of online crimes and helped the FBI and other law enforcement agencies better address internet-enabled attacks, fraud, thefts, and scams.
“The scale, scope, speed, and impact of cyber threats is constantly evolving.”Matt Gorham, assistant director, FBI Cyber Division
Online Crimes Grow More Damaging and Targeted
The crimes catalogued by the IC3 mirror the evolution of the web across two decades—growing in sophistication and number as the internet grows ever more essential to our professional and personal lives.
“The scale, scope, speed, and impact of cyber threats is constantly evolving,” said FBI Cyber Division Assistant Director Matt Gorham. “Criminals are opportunistic, and we’ve seen them rapidly adapt to the cyber environment, creating a variety of schemes to exploit the public and private sector.”
In its first full year of operation, the IC3 logged 49,711 complaints. Most of them revolved around internet auction fraud, non-delivery scams, and the West African letter (yes, that now infamous message from a prince or princess with an untapped fortune they wanted to share with you).
“People still fall victim to that letter and versions of it,” said Gregory. “We still see scams that involve lotteries or windfalls where the victim just needs to pay what they believe are taxes or some fee to receive the winnings or a share of the fortune.” Of course, there is no windfall to claim after the criminal collects those “fees” or “taxes.”
“The more prevailing trend,” said Gregory, who has been with the IC3 since its founding, “is that those early, rudimentary scams have given way to more destructive and costly data breaches and network intrusions, ransomware, romance scams, and sophisticated financial crimes like business email compromise.” Criminals still target individuals, but businesses and organizations are becoming more common targets because of the potential of a larger payout.
Losses recorded by the IC3 in recent years reflect the greater financial damage of this evolution. In 2019, victims reported more than $3.5 billion in losses—an average of $7,500 for each of the 467,361 complaints recorded that year. In 2001, the average victim lost $435.
Gregory said the IC3 has also seen a shift in the types of criminals perpetrating the illegal activity. Many of the criminals now live overseas, and organized crime groups are on the rise.
“The sophistication of modern online criminals is the most troubling part,” Gregory said. “We used to be able to give people common sense tips to keep them safe; now it is just much harder to tell the real messages and websites from the fake.”
Instead of an impersonal spam message with poor spelling and grammar, the scam may arrive via a well-written email that appears to come from a trusted colleague, business, or vendor.
Another enduring trend revealed in 20 years of crime data is that scammers will take advantage of a moment in time to prey on people who want to help or may need help in the wake of a natural disaster or tragic event.
The center saw an uptick in charity and disaster fraud reports around the time of Hurricanes Rita and Katrina and after the Boston Marathon bombings.
In 2008, scammers tried to gather banking information from Americans waiting to receive stimulus checks as the nation slipped into recession.
Now, during the COVID 19 pandemic, scammers are working overtime hawking fake cures and investments schemes, selling protective equipment without the inventory on hand, and looking to take advantage of a more concentrated online presence during increased telework and distance learning arrangements.
“Criminals and scammers go where there is opportunity,” said Gorham. “Right now, they are exploiting a public health emergency to steal from and deceive people who are vulnerable, worried, or seeking vital supplies and assistance.”
“Those early, rudimentary scams have given way to more destructive and costly data breaches and network intrusions, ransomware, romance scams, and sophisticated financial crimes like business email compromise.”
Donna Gregory, chief, IC3
The IC3 collects and reports out its data in an annual report and educates the public by sending out notices about new scams or upticks in certain type of crimes. Its other key role is to support law enforcement. Federal, state, local, and tribal agencies can access the IC3’s data through a secure database.
“The IC3 was created to provide the public and law enforcement with valuable information collected and analyzed by the FBI.” Gorham stated. “By sharing this information, we hope to protect the American public from becoming victims of cyber crime and enable law enforcement to identify links and trends they may not otherwise be able to see.”
Gregory also points to how IC3 data has helped improve the FBI’s response to frauds carried out online. “We were seeing victims losing a lot of money, mostly through cases of business e-mail compromise,” she said. “Initially we were able to work with financial institutions to examine wires going to international banks. Once we saw success in stopping some of those transactions, the criminals shifted to domestic accounts.”
Gregory said money mules play a huge role in dividing up stolen money into U.S. accounts before moving it overseas. Money mules are people who allow criminals to use their bank accounts to launder illicit funds—either because they are receiving a commission for the service or because they trust the person asking for access to their account.
“Law enforcement could not keep up as the money started moving through U.S. accounts,” Gregory said. “By the time they could take action, it was too late. So we started to look into working directly with the banks to stop the money flow and give law enforcement time to do the investigation.”
In 2018, the FBI created the Recovery Asset Team to streamline communication with financial institutions and FBI field offices to halt fraudulent transactions faster. The team successfully recovered more than $300 million for victims in 2019.
After 20 years with the IC3, Gregory has learned that the online environment will continue to change and that the criminals will adapt along with it. She worries about the trends she’s seeing in manipulated photos and videos but can never be certain where the next threat will emerge. The only things that are certain is that the IC3 will continue to evolve as well, finding new and better ways to warn and protect the public from cyber scams and support law enforcement as they combat the threat.
To report a crime or see the IC3’s annual reports and warnings about current crimes, scams and frauds, visit ic3.gov.
For more information on common online crimes and prevention tips, visit the FBI’s Common Scams and Crimes page.