While the COVID-19 pandemic dominated the news in 2020, a different epidemic was silently spreading across America last year: cybercrime. Americans lost over $4.2 billion to scammers and cyber-attacks in 2020 alone, according to the FBI’s internet crime center, IC3. IC3 received 300,000 more reports of cybercrime in 2020 than it did the year before, for a grand total of 791,790 complaints.
When social distancing precautions forced offices to move to a work from home model and retailers to shift to ecommerce, this exposed weaknesses in many businesses’ cyber defenses. Organizations struggled to adjust to new systems, and employees worked from unsecured home networks. Meanwhile, hackers took advantage of the chaos.
The Attack on Remote Employees
While working from home, employees were forced to rely on messenger apps and email for communication. It’s no surprise, then, that the most common form of cyberattack in 2020 was the business email compromise, or BEC. According to the IC3 report, a total of $1.8 billion was lost to BEC attacks in 2020. A BEC scheme is a form of phishing attack, in which a fraudster uses a fake email account or even a fake website to pose as a member of a legitimate organization–perhaps even a colleague. After gaining the target’s trust, the cyberthief will then ask for access to calendars, company accounts, data, or log-in information they need to complete the attack.
From there, the hacker may install malware that silently scrapes sensitive information from the company’s network, or even use ransomware to hold an organization’s data or systems hostage. The FBI also reported that instead of asking the target to wire funds, as hackers have often done in the past, cyberthieves are instead making away with funds after converting them into cryptocurrency.
Beyond BEC attacks, company employees were also the targets of a high number of tech support scams in 2020. In a tech support scam, the victim may receive an unsolicited phone call or email from someone claiming to be a support technician for a legitimate organization. To trick the unsuspecting target into sharing their information, the fraudster may tell the target that they have malware on their computer or need login information in order to carry out tech support.
Healthcare Hacks Soar
Organizations and remote employees weren’t the only ones to suffer from the cybercrime epidemic during COVID-19. American consumers also took a hit from COVID-19 scammers posing as the CDC, World Health Organization, contact tracers, health insurance providers, and fraudulent testing sites. Using email, robocalls, or real-time phone calls, con artists tricked vulnerable and scared citizens into providing their valuable personal information.
Given the high value of personal healthcare data on the dark web, it’s no surprise that hackers saw a public health crisis as an opportunity. Healthcare cyber attacks doubled in 2020 as cyberthieves hoped to get their hands on the increased volume of patient data during a vulnerable time for hospitals and other healthcare providers. Of the cyberattacks on healthcare organizations in 2020, 28% were ransomware attacks, reflecting a rising trend of increased ransomware attacks across a variety of sectors over the last year.
Retailers Reel from Fraudulent Purchases
Many businesses shifted to ecommerce models to accommodate for COVID-19 shutdowns in 2020, putting themselves at risk of chargeback scams and data breaches. Unfortunately, while ecommerce purchases rose, so did the cost of retail fraud, which increased 7% in 2020.
This was especially true for mid-to-large merchants in the U.S., which saw an uptick in fraudulent purchases during the worst of the stay-at-home orders. One survey showed that retailers selling digital goods saw an increase in fraudulent attempts during the shutdown period with 16.4% more attempts than before the pandemic.
Don’t Become a Cybersecurity Statistic
2020 may be over, but the implications of the COVID-19 pandemic aren’t. Many companies continue to work from home for the foreseeable future, and some plan to do so permanently. And, as always, hackers are constantly inventing new ways to scam and scheme retailers and consumers alike.
Your best defense against hackers is finding the right partner in data security. At Bluefin, we offer payment solutions designed to protect your organization from data breaches and cyberthieves. To find out more about Bluefin’s point-to-point encryption (P2PE) and tokenization solutions, get in touch with a Bluefin representative today.