Between 2018 and 2022, the FBI received 3.26 million complaints about cyber-attacks, with reported losses totaling $27.6 billion. These complaints are recorded and investigated by the FBI’s Internet Crime Complaint Center, also known as IC3.
Cyber-attacks and cyber-fraud are a mounting problem for both individuals and the government. Although these are a fraction of total crimes, the financial losses are severe, demonstrating the need for a robust law enforcement response, according to the Government Accountability Office.
What is a cyber-attack?
The National Institute of Standards and Technology defines a cyber-attack as “any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.” This includes both technical attacks involving data breaches, as well as personal cons where the victim is communicating with the fraudster.
The term “cyber-crime” is technically an overarching term used to describe general criminal activities that target a computer or network to cause damage or steal information, but people use both terms interchangeably.
Types of cyber-attacks include:
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details via email or text by masquerading as a bank or other trusted entity.
The FBI leads national efforts to identify, prosecute, and reduce cybercrimes. IC3 is the Nation’s cybercrime reporting hub, giving victims an opportunity to recover their information or financial assets.
How much do cyber-crimes cost individual Americans?
Some types of cyber-attack generate higher costs for victims than others. Online scams involving fake investments resulted in over $3.3 billion in lost assets in 2022, roughly one-third of total losses. These scams induce investors to make purchases based on false information, usually offering large returns with minimal risk (e.g., Ponzi and pyramid schemes).
Other costly scams include business email compromise — a sophisticated fraud technique that tricks business’ employees to transfer of funds to scammers' accounts — and tech support scams in which the attacker subject poses as a technical and/or customer service agent to get the victim to reveal personal data.
Who is most affected by cyber-crimes?
The 60+ age group reported 37% of all financial losses in 2022, the largest percentage among all age demographics.
However, victims within the 30–39 age group generated the most complaints — 94,506 in 2022 — compared to 88,262 for the 60+ cohort.
Critical national infrastructure suffered from cyber-attacks as well, typically through ransomware attacks that prevented organizations from completing work until a ransom had been paid.
The healthcare and public health sectors experienced the most ransomware attacks, with 210 incidents recorded. They present a critical challenge, as it can impede the delivery of proper care to patients until the cyber attacks are resolved.
Healthcare was closely followed by critical manufacturing with 157 attacks, and government facilities at 115.
The US defense industrial base, which includes the network of businesses, factories, and workers that supply the military with weapons, vehicles, technology, and more, only had one reported cyber-attack in 2022.
How to report a scam
You can report internet-enabled crime against yourself or someone else via the Internet Crime Complaint Center. The IC3 processes complaints to determine their accuracy and completeness then investigates to return lost documents, information, and financial assets, if possible.
The FBI also has guidance on how to spot and report online scams.