A Milestone Year for a Growing Threat

2024 marked the 25th anniversary of the FBI’s Internet Crime Complaint Center (IC3) and while their efforts are worthy of celebration, those on the receiving end of cybercrime in 2024 had little to celebrate. The latest annual report paints a sobering picture, as cybercrime continued to escalate, accounting for $16.6 billion in losses. Email-based threats continued to lead the charge, including phishing scams, ransomware, business email compromise (BEC) attacks and more. In short, phishers are getting bolder and more sophisticated while successful threats are costing victims more than ever.

Let’s take a closer look at what the IC3 report revealed—and why now is the time to take your email security strategy seriously.

A Record-Breaking Year for Cybercrime

The IC3 received 859,532 complaints in 2024, which is a 33% increase from the previous year. Total reported losses hit $16.6 billion, making it the costliest year on record. And, over the past five years alone, Americans have reported $50.5 billion in total losses from cybercrime.

Email Attacks Continue to Dominate

Email phishing remains the #1 attack vector, with 193,407 complaints and more than $70 million in reported losses in 2024. Why? Because phishing works. These schemes prey on human behavior and human error comes into play in more than 85% of all phishing attacks, causing us to click a bad link or open a malicious attachment.

Business Email Compromise (BEC), meanwhile, remains one of the most financially devastating threats. In 2024, there were 21,442 BEC complaints, resulting in a staggering $2.77 billion in losses. That’s nearly $130,000 per incident. These attacks don’t just impersonate brands, they often impersonate people inside an organization to redirect payments or steal sensitive data. While many believe that only big companies are targets, the truth is that small and mid-sized businesses are often the least protected and easiest to exploit.

Other Alarming Trends in Cybersecurity

The FBI’s report also uncovered a number of other notable threats:

• Tech Support Scams: 36,002 complaints, $1.46 billion in losses

• Data Breaches: 3,204 complaints, $365 million in damages

• Ransomware: 3,156 complaints—a 9% rise from 2023—and labeled the top threat to critical infrastructure

• Cryptocurrency Fraud: $9.3 billion in losses, up 66%, with older adults (age 60+) taking the brunt

• Malware: While there were just 441 complaints, these are often underreported, and the damage can be immense.

Nearly 83% of all reported losses to IC3 in 2024 were tied to cyber-enabled fraud—criminals using email, websites, and online platforms to commit theft, impersonate companies, and steal personal information.

Cyberthreats - Who’s Being Targeted?

The FBI defines cyberthreat as “a malicious act that seeks to damage data, steal data, or disrupt

digital life in general. Cyber threats include ransomware, viruses and malware, data breaches,

Denial of Service (DoS) attacks, and other attack vectors”. Of these types, ransomware attacks have probably made the most headlines in recent years (think Colonial Pipeline, JBS USA, or Ascension Healthcare). Well, the rise in ransomware attacks can be attributed to AI and Ransomware as a Service (RaaS).

If you’re not familiar, RaaS operates on a business model whereby cybercriminals lease ransomware tools and infrastructure to other attackers, often for a percentage of the ransom profits. This model has evened the playing field for cybercriminals, allowing less skilled attackers to launch devastating attacks. According to the FBI, in 2024, ransomware and data breaches were the most reported cyberthreats among critical infrastructure organizations. In fact, the FBI’s IC3 team recognized 67 new ransomware variants in 2024.

Cyberthreats accounted for $1.571 billion in losses across multiple industries in 2024 and those industries hurt the most included:

• Critical Manufacturing

• Healthcare/Public Health

• Government Facilities

• Financial Services

• Information Technology

There’s Hope—and Help

It’s not all bad news. The IC3 continues to play a vital role in fighting back. In 2024:

• The IC3 Recovery Asset Team responded to 3,020 fraud cases, helping freeze 66% of attempted thefts, amounting to $848 million.7

• Initiatives like Operation Level Up prevented an estimated $285 million in additional fraud losses from cryptocurrency investment scams.

• International partnerships led to 215 arrests tied to fraud.

Cybercrime and phishing attacks are intensifying, and email remains a prime target. For MSPs, businesses, and IT leaders, prevention is key. You need a third party to detect impersonation, prevent phishing, and stop BEC in its tracks.

At INKY, we use AI-powered email security to catch threats others miss. Whether it’s stopping a fake invoice from reaching your finance team or detecting a subtle brand impersonation scam, INKY helps you protect your inbox and your revenue stream.

It’s time to get ahead of the threats. Learn more about INKY’s email security solutions and how we can help you reduce risk and stay secure in 2025. Making time for a free INKY demonstration will make you a believer.

----------------------

INKY is an award-winning, behavioral email security platform powered by artificial intelligence/Gen AI, machine learning, and computer vision. INKY blocks phishing threats, prevents data leaks, and coaches users to make smart decisions. Like a cybersecurity coach, INKY signals suspicious behaviors with interactive email banners that guide users to take safe action on any device or email client. IT teams don’t face the burden of filtering every email themselves or maintaining multiple systems. Through powerful technology and intuitive user engagement, INKY keeps phishers out for good. Learn why so many companies trust the security of their email to INKY. Request an online demonstration today.

*Source: https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf