Cybercrime Is A Booming Business

Cybercrime is Growing Fast and It’s Not Slowing Down

The business of cybercrime is booming with no signs of slowing down. According to the FBI’s Internet Crimes division, IC3, over 8 million complaints have been reported since the department’s 2018 inception. In 2023 alone, consumers reported $12.5 billion in losses from the internet crime related incidents. Globally, the cost of cybercrime reached $8 trillion last year. That number is expected to jump to $9.5 trillion in 2024 and exceed $10.5 trillion in 2025. These are staggering numbers to comprehend but sadly, it is the reality of the world we live in. Cybercrime is a threat to both the business and the consumer and the only way to combat it is to know the facts.

Account Takeover (ATO) attacks increased by a staggering 354% year-over-year in Q2 of 2023, according to the Q3 Digital Trust & Safety Index report from the fraud management platform, Sift. Roughly 18% of consumers surveyed by Sift were victims of account takeover, with 62% of those attacks occurring in the 12 months prior to the time of the survey. Of those victims, 34% were defrauded more than once, often from the use of digital subscription apps, as well as online shopping and financial services sites.

In 2023, Americans reported losing a breathtaking $5.6 billion in cryptocurrency scams alone, according to the FBI.  The total number of reported complaints was over 70,000 in 2023, which was a 45% increase from 2022.  Many of these complaints involved false-dating apps, social media traps, and what the media, unfortunately, refers to them as, “pig butchering” scams.  These scams are evil in their intent and prey on the most vulnerable, many times victimizing seniors who have recently lost a loved one.  These scams are insidious and the only way to defend against them is to simply not fall for them in the first place, which is easier said than done when in the midst of manipulation by a well-schooled and trained criminal.

These numbers are only going to increase as the use of traditional means of finance continue to decrease and reliance on applications and the internet to execute all of our investment and banking needs becomes the only method available. One of the biggest risks to investors and consumers alike is the increased development of Artificial Intelligence, and the abuse of this technology to replicate helpdesks from legitimate financial services companies.

What Should I Do If I Am the Victim of a Cybercrime

What Should I Do If I Am the Victim of a Financial Fraud Attack?

Victims of financial frauds like account takeovers, phishing attacks, pig-butchering scams, are understandably panic stricken and vulnerable after the reality of the attack sets in. Your life savings just vanished.  Your retirement account you spent 40 years accumulating is gone. The worst thoughts enter your mind.  Stop and relax, and follow these steps.

  1. Report the fraudulent transactions to your bank or crypto-currency exchange.  But do not offer details of what happened. Any offer by the bank or brokerage firm to engage in a Q/A about what happened is a trap intended to get you to admit what happened which they will later use against you to absolve them of liability.
  2. Contact Stoltmann Law Offices, whose attorneys have arbitrated and litigated several hundred claims just like yours in the last several years. Our attorneys have the experience to pursue recovery of your money from the financial institutions that facilitated the theft of your accounts.
  3. An attorney will direct you and assist you in reporting the incident to the appropriate law enforcement agencies, and to provide the information they need.
  4. Remember, anything you put in writing will be discoverable in any arbitration or litigation action you pursue to recover your funds.

Seniors Are the Most Vulnerable and Most Targeted for These Attacks

Senior citizens aged 60 years or older are the most vulnerable to cyber related attacks, as they tend to be less technologically educated than younger generations. The 2023 IC3 Internet Crimes report showed that over 100,000 consumer complaints indicated that the victim was 60+ years of age, with losses totaling $3.4 billion in 2023. The second highest number of complaints came from individuals between the ages of 30 – 39, though the reported losses in this age group was only fourth highest at $1.2 billion.

Seniors Vulnerable to Cybercrime and Most Attacked

Anatomy of a Phishing Scam

“Phishing” is a type of scam where crooks “fish” for bites from victims.  They’ll send out fake emails, bogus text messages, and make phone calls with the hope that they land the big one – a consumer with a big account somewhere that they can illicit enough information from and manipulate into providing information sufficient to allow them to clean out the accounts. One all too common phishing scam that many consumers fall victim of, is the phony help-desk phone call, text message, or email.  This form of phishing has been going on for years, but its sophistication has increased dramatically in just the last year, based on our Firm’s discussions and review of documents from hundreds of victims and clients.  Just a few years ago, these fake emails could be spotted a mile away; they looked wonky, the script was off, the font was clearly not what is used by the legitimate company, and the sender of the email was invariably some random email address clearly not affiliated with the company, like Coinbase or Bank of America, for example.

Now, the scammers have upped their game. The phishing emails they send are virtually perfect matches to what a customer would see from a legitimate customer service message.  The way this scam works is simple in its application, but it carries catastrophic implications.  A customer of a bank, like JP Morgan, a brokerage firm like Charles Schwab, or a crypto exchange like Coinbase receives an unsolicited email from the company, alerting them that suspicious transactions have taken place in your account, and the bank, brokerage, or crypto exchange has frozen the transactions pending review.  The message urges you to call a phone number provided to discuss the matter.

The alerted customer, who is obviously concerned, calls the phone number and is greeted by someone who has all of the hallmarks of someone you’d speak to at any help desk.  They ask you routine validation questions, like confirm your account number, PIN, or social security number.  Then they’ll explain how the fraudulent transactions have been stopped, but that in order to do so, they had to freeze your account. In order to unfreeze it, they need you to take a few additional steps to reconnect your access to your accounts. This part takes any number of directions. Sometimes they will convince people to click on a text, open a link in their email, or even allow for them to share-screen directly on your laptop. They’ll thank you for your assistance, and they’ll hang up.  The victim will try to call the number back, but the line is dead.  You’ve been phished and unknowingly just provided access directly to your account to a crook.  Within minutes, they will have wiped out your account.  Desperation and panic sets in as by this point most people realize they’ve been robbed.  The implications are devastating.

Another common scheme involves convincing victims to wire funds from their bank or brokerage account to various payees.  In many instances, these follow the line of schemes that convince the victim that they are wiring money to a legitimate investment outfit only to later find out it is a fraud.  Other times, these wire-fraud cases include fact patters where the victim is bullied or frightening into paying the wires out after being convinced the IRS or some other authority will penalize them, or worse, if they don’t pay the funds out as directed.

There are laws that protect consumers from unauthorized and fraudulent wire transfers.  Specifically, a federal law called the Electronic Funds Transfer Act is a consumer protection law designed to put the onus on the bank processing wire transfers to refund customers for unauthorized wires.  Likewise, the Uniform Commercial Code contains specific provisions for wire transfers that can be used to pursue banks for unauthorized wires.

Do not linger, however. Contact Stoltmann Law Offices immediately if you are the victim of an unauthorized wire transfers scam. Some banks include extremely short time frames (sometimes as little as thirty days) to report unauthorized transactions.  If you don’t take the right steps right away, you could blow your chance to recover your money.

As consumers in the internet age, there is one thing we all must come to terms with: Our information is on the internet somewhere for sale to people that are looking for it.  It’s unnerving, but it is true and consumers must realize that in order to fully appreciate these risks.  There are dark-web marketplaces that actively trade in people’s account information and chat hosted on social media cites like Telegram where criminals convene to discuss their latest methods and how to gain access to critical infrastructure, like cellular/mobile carrier accounts (link to SIM swap blog).

This information is out there because of data breaches.  In 2023 alone, there were multiple massive data breaches involving these major financial institutions:

  1. Bank of America and Capital One – Debt purchasing company, NCB Management Services, suffered a cyberattack in February 2023. Initially, NCB’s response focused on former customers Bank of America but later confirmed that Capital One customer data was breached as well.
    • Almost 500,000 people had their sensitive financial information leaked, including 16,500 Capital One customers.
    • Physical addresses, social security numbers, and account statuses were all leaked in the attack.
    • In addition to Capital One and Bank of America, several other financial institutions were impacted by the NCB breach, including Pathward National Association and Exeter Finance.
  2. Voya Financial Advisors, Inc. – Also in February 2023, the brokerage company found that a third party has access to the sensitive customer data contained in the company’s computer system.
    • Consumer names, address, and social security information was leaked without consent.
  3. Retirement Clearinghouse, LLC – The company, which specializes in automatic portability of retirement plans, notified 10,500 customers that their personal data was compromised in March 2023.
  4. Keenan & Associates – Insurance consulting and brokerage firm informed 1.5 million customers that their personal information was stolen in a cyberattack in August 2023.
    1. “An unauthorized party gained access to certain Keenen internal systems” between August 21 – 27, 2023.
  5. TIAA – On September 27, 2024, the retirement giant for non-profits and university professors reported a data breach that affected 8,977 customers.
    • “Between October 29, 2023, and November 2, 2023, IMS was impacted by a cybersecurity incident in which an unauthorized party gained access to IMS systems and data,” according to the letter., which was signed by Ali Iqbal, president, TIAA-CREF Life Insurance Co. “On November 2, 2023, IMS became aware of the incident and retained a third-party cybersecurity expert to investigate and assist with containment.”

Things got worse in 2024:

  1. Evolve Bank & Trust – The Financial technology solutions provider suffered a ransomware attack in May 2024. It is speculated that LockBit, a well-known gang of cybercriminals, gained access when an employee accidentally clicked on a malicious link, also known as a phishing attack.
    • 7,640,112 customers had their personal information exposed from this attack
  2. HealthEquity – Supply chain financial technology and business service company, including health savings account, detected a system anomaly in March 2024.
    • In June, a forensic investigation found that 4.3 million people had their personally identifiable information, also known as PII was stored in an “unstructured data repository” which was breached by a third party.
    • Personal data affected included full names, addresses, telephone numbers, Social Security Numbers, and payment card numbers.
  3. Financial Business Consumer Solutions (FBCS) – The debt collection agency suffered a data breach as reported in February 2024.
    • 2 million people has their names, addresses, dates of birth, Social Security numbers, driver’s license numbers medical claims, clinical information, and health insurance information.
  4. Fidelity announced on October 14, 2024, that in August 2024, 77,000 customers were exposed to a very invasive data breach, which allegedly involved the compromise of social security numbers and other sensitive financial information.

The non-stop information leaks as a result of targeted attacks that result in these data breaches guarantees that crooks will continue to have reems of intelligence on American consumers in the future.

What Can I Do If I Am the Victim of a Cybercrime?

If you or someone you know is the victim of cybercrime and have lost money as a result, please contact Stoltmann Law Offices at +16463407068 for a free, no-obligation consultation with an experienced attorney.  We understand that victims of these insidious and devastating scams are in no position to pay out of pocket for an attorney, which is why we offer our services on a contingency fee basis, and do not charge any up-front money from clients.  Simply put: we do not get paid until you do.

Let’s Connect and Talk

Since its inception in March 2005, Stoltmann Law Offices, P.C. has dedicated its practice to representing investors in lawsuits and arbitration claims against brokers, financial advisors, investment advisors, and the companies they work for. Our Chicago investment fraud attorneys offer their clients a combined 35 years of experience fighting for investor rights from offices in Chicago, Illinois and suburban Barrington, Illinois and Downers Grove, Illinois.

The attorneys at Stoltmann Law Offices have dedicated their life’s work to representing investors who have been cheated or defrauded by those professionals they trusted with their hard-earned money and retirement savings, recovering in excess of $200 million for investors over the years.

Ph +16463407068

Ph +16463407068