Instances of cybercrime and online fraud against businesses and individuals are far-reaching, but now, a new resource offering advice and assistance for victims is also spreading throughout the state.
In 2019, 467,361 cybercrime complaints were recorded with the Federal Bureau of Investigation, a 33-percent increase over the previous year. Reported losses from these crimes last year were in excess of $3.5 billion and experts estimate that these figures represent only a small fraction of the cybercrimes that actually occur.
Although widespread, cybercrime is still new enough that not everyone — including local law enforcement — knows how to respond, according to Demitria Gavit, state program director for the Cybercrime Support Network (CSN).
“A lot of cybercrime gets misdirected,” Gavit said. “It’s mostly because people don’t know who to call.”
CSN is a public-private-nonprofit collaboration, who partnered with Heart of West Michigan United Way (HWMUW) in July 2019 to launch the state’s first cybercrime support and recovery hotline. People and businesses in Kent County can now call “2-1-1” to report and find resources to recover from cybercrimes like identity theft, hacked accounts, financial fraud, stalking or harassment.
The program fills a “missing niche,” according to Gavit, who said victims previously had either not been reporting the crimes or had been calling the 911 emergency line.
“911 should be for immediate physical emergencies,” she said. “Nine times out of 10, in cybercrime, there’s going to be financial loss when somebody is a victim. That person is going to feel like it’s an emergency, which is why they’re calling the police department, but it’s an inappropriate use of 911.”
Furthermore, cybercrimes can originate from anywhere in the world, and local police agencies, which are often not funded, staffed or trained to fight cybercrime, may not even have jurisdiction, according to Gavit.
“There’s really not a whole lot that the police can do,” she said.
The CSN service is currently live in Kent County. In 2020, the program will expand further throughout 13 additional counties: Antrim, Benzie, Grand Traverse, Ionia, Kalkaska, Lake, Leelanau, Mason, Mecosta, Montcalm, Newaygo, Oceana, and Osceola, Gavit said.
When victims call the 211 hotline, they are connected with trained call specialists who can assess the situation and place them in touch with organizations that can help. This program complements and works in collaboration with law enforcement to improve service. Unlike with 911 dispatch, CSN wants to take as many cybercrime calls as possible.
“We want to help people before cybercrime events, we want to help caretakers that may be dealing with victims of cybercrime, we want people to call if they get a weird email and even though they may not have fallen victim to it, we want that information recorded,” she said. “It really is a service that is absolutely for everybody.”
The top three cybercrime types reported by victims in 2019 were phishing and similar ploys, non-payment or non-delivery and extortion.
The most financially costly forms of cybercrime involve business email compromise (BEC), romance or confidence fraud, and spoofing, or mimicking accounts that are known to the victim to gather personal or financial information, according to the FBI’s Internet Crime Complaint Center.
Donna Gregory, the chief of the center, said that in 2019, the organization didn’t see an uptick in new types of fraud, but rather noticed criminals deploying new tactics and techniques to carry out existing scams.
“Criminals are getting so sophisticated,” Gregory said in a statement. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”
While email is still a common entry point, frauds are also beginning on text messages — a crime called smishing — or even fake websites — a tactic called pharming.
Individuals need to be extremely skeptical and double-check everything, Gregory said.
“In the same way your bank and online accounts have started to require two-factor authentication, apply that to your life,” she said. “Verify requests in person or by phone, double-check web and email addresses, and don’t follow the links provided in any messages.”
Email or email account compromise (EAC) has been a major concern among businesses for years. In 2019, the FBI recorded 23,775 complaints about this type of cybercrime, which resulted in more than $1.7 billion in losses to businesses.
These scams typically involve a criminal spoofing or mimicking a legitimate email address. For example, an individual will receive a message that appears to be from an executive within the company or a business with which an individual has a relationship. The email will request a payment, wire transfer or gift card purchase that seems legitimate but actually funnels money directly to a criminal.
The FBI also reported seeing an increase in the number of business complaints related to the diversion of payroll funds that appear to be from an employee requesting to update direct deposit information. The change instead routes an employee’s paycheck to a criminal.
Small businesses are particularly susceptible to attack, according to CSN’s Gavit.
“A lot of cybercriminals are not attacking big businesses with large amounts of money. Instead, they’re targeting a lot of small-dollar victims and small business owners especially,” Gavit said. However, she added, through resources like CSN, victims of all of these smaller attacks can help the FBI track trends with data, paint a better picture of cybercrime nationwide, and eventually get ahead of cybercriminals.