Security Bite: FBI releases 2024 Internet Crime Report, ‘new record for losses’

3 weeks ago 7

9to5Mac security bite cybersecurity Apple

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

This year marks the 25th anniversary of the FBI’s Internet Crime Complaint Center, or IC3 for short. Since its inception in 2000, the organization has released an annual report detailing trends based on the thousands of cybercrime complaints it receives daily from victims. This week, the FBI released its 2024 Internet Crime Report, revealing a record $16.6 billion in reported losses—a 33% increase and “a new record for losses reported to IC3.”

If there’s one thing this report highlights best, it’s that humans are more vulnerable than machines.

The FBI’s Internet Crime Complaint Center (IC3) received more than 859,000 complaints in 2024, according to its latest report. What were the most common cybercrimes? Phishing/spoofing, extortion, and personal data breaches.

California, Texas, and Florida led the nation in the number of reported incidents. To no one’s dismay, the 60+ age group accounted for most of all complaints submitted, totaling $4.8 billion in losses. This was followed by the 50-59 age group, which had the second highest number of complaints and $2.5 billion in losses.

Of the $16.6 billion in total losses, nearly 83% of it came from what the FBI calls cyber-enabled fraud. This is when ” (Fruad) includes complaints where criminals use the Internet or other technology to commit fraudulent activities, often involving the theft of money, data, or identity, or the creation of counterfeit goods or services.”

When looking at top cybercrimes by dollar amount loss, Investment, Business Email Compromise (BEC), and Tech Support top the list. While the former two were less frequently reported, they caused the most financial damage. Investment fraud totalled nearly $6.5 billion, more than all other cyber-related crimes combined. The FBI’s Internet Crime Report states that “Investment fraud” includes cryptocurrency scams, pump and dumps, pyramid schemes, and other illicit means to drain investment accounts.

A good note: thanks to the FBI’s operation Level Up, launched in January 2024 to alert potential crypto scam victims in real time, agents were able to prevent an estimated $285.6 million in losses.

BEC accounted for $3 billion of total losses in 2024, over $75,000 on average per complaint submitted. I’m not shocked by this one. Email is still the preferred way for criminals to find victims. And in most cases, it doesn’t include sophisticated malware that latches onto their Application or Downloads folder. Often, it’s simple but extremely clever social engineering tactics in the form of phishing emails/smishing. I’ve reported before that nearly 91% of all cybercrime starts with email! That stat tends to surprise people in 2025.

Lastly, the report also highlights continued concerns around ransomware, which rose 9% from 2023. The FBI’s Operations Director for Criminal and Cyber, B. Chad Yarbrough, expressed his concerns about ransomware, calling it “the most pervasive threat to critical infrastructure.”

Ransomware and data breaches were the most reported cyber threats among critical infrastructure organizations (e.g., manufacturing, healthcare, government facilities, financial services, IT, etc).

“(In 2024), the FBI took significant actions to make it harder, and more costly, for malicious actors to succeed,” Yarbrough stated in the report. “We dealt a serious blow to LockBit, one of the world’s most active ransomware groups. Since 2022, we have offered up thousands of decryption keys to victims of ransomware, avoiding over $800 million in payments.”

He’s referring to Operation Cronos.

You can check out the full IC3 Internet Crime Report here. It’s very dense but an interesting read (10/10).