FBI: Reported Cyber Attacks Down but Potential Losses Up in 2022

April 12, 2023

Cyberattacks and cyber-enabled frauds continue to affect the everyday lives of Americans. According to the FBI’s latest Internet Crime Report, the Internet Crime Complaint Center (IC3) in 2022 received 800,944 cyber fraud complaints, which is a 5% decrease from 2021. However, the potential total loss increased from $6.9 billion in 2021 to more than $10.2 billion in 2022.

Specific to the real estate industry, there were 11,727 victims who reported cyber fraud. This is up from 11,578 who were victims in 2021. The reported losses rose from $350.3 million in 2021 to $396.9 million last year.

“The public can play a crucial role by taking proactive measures to prevent and prepare for a potential cyberattack and, if there is an incident, by reporting it to the FBI through the IC3,” the FBI said in its report. “Though cybercriminals are continuously seeking to make their attacks more resilient, more disruptive, and harder to counter, public reporting to the IC3 helps us gain a better understanding of the threats we face daily.”

In its report, FinCEN highlighted an attempted cyber theft that occurred in July 2022. The IC3 received notice from the Charlotte field office of a complaint filed by an attorney seeking assistance with a Financial Fraud Kill Chain (FFKC) process on behalf of his clients. The clients were in the process of purchasing a home and received a spoofed email from their supposed realtor instructing them to wire $400,000 to a financial institution for an escrow payment. Once the wire was initiated, it was realized the instructions came from a spoofed email. Upon notification, the IC3 requested a FFKC to the recipient bank. Further collaboration between the attorney and the Charlotte field office confirmed the full amount of $400,000 was returned to the victim, making a full recovery possible due to the FFKC process.

New Tactic

The FBI reported an increasingly prevalent tactic by BEC bad actors of spoofing legitimate business phone numbers to confirm fraudulent banking details with victims. In one example, the victims reported they called a title company, Realtor, etc., using a known phone number. However, the number had been spoofed. With this increased tactic of spoofed phone numbers, the FBI said this emphasizes the importance of using two-factor or multi-factor authentication as an additional security layer. Procedures should be put in place to verify payments and purchase requests outside of email communication and can include direct phone calls but to a known verified number and not relying on information or phone numbers included in the email communication.

Other best practices include carefully examining the email address, URL and spelling used in any correspondence and not clicking on anything in an unsolicited email or text message asking you to update or verify account information.

Earlier this year, ALTA released an update to its Best Practices, which included a recommendation to use a wire verification service when sending money.


Contact ALTA at 202-296-3671 or communications@alta.org.