The FBI is not going to show up at your door with blue blazers when you report cybercrime. They don't make any promises to retrieve your money from cybercriminals, but there's been plenty of success stories.
The FBI IC3 (Internet Crime Complaint Center) recorded losses of over $4 billion in 2020 due to cybercrime. This is not an accurate number, admits Bryan Smith, chief of the Cyber Criminal Section at FBI.
"The IC3 reporting is based on what people are reporting to us. And so we don't know how it looks out there. There are some estimates by private industry. Some people say that 40% gets reported, some say 60%, some say as low as 20%," he said during the National Cyber Security Alliance's (NCSA) webinar about cybercrime.
That's why he urged victims to report cybercrime and do it timely. The FBI has a financial fraud kill chain in place. And just last year, together with financial institutions, they were able to retrieve around $500 million for victims.
What will happen once you call the FBI? Smith says that they can be very discreet.
"We are not going to show up in blue coats with the yellow FBI written on the back. Lots of the stuff you can give to us over the phone. Sometimes, if you need us to come out there, we will go out there Friday night at 8 o'clock, and we will work through the weekend, if we need to, and get the stuff you need. If you want us to dress down, FBI agents love to dress down. They can be discrete. We don't want to make a scene there. We want the information," he said.
The FBI doesn't recommend paying the ransom as there's no guarantee you will get any data back. Giving in to criminals’ demands also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
But even if you do pay it, the FBI still urges you to report it so that they can do something about it.
"We want to cut out the ecosystem on this, and so people not paying the ransom is probably the best way. At the end of the day, we recognize that people have to make business decisions. Our ask of people is that if they do pay the ransom, please still report it to us. If we get that information, we might be able to do something about it. Perhaps, we might get the money back. But we certainly can't get it back to you if you don't report it to us," Smith said.
There are many success stories of businesses being able to prevent cyberattacks or mitigate the damage. It does not necessarily make the news, though, as we usually hear the bad news first. And sharing that information is essential, too.
"Success comes from people taking actions. And it's not something they are going to be able to wish away. And so that's where the entities that get this right are the ones that are sharing information. They are the ones that are being protected. And so every day, we've got public and private partnerships, and we've got entities who are sharing data across industries and seen indicators of compromise and passed them along to competitors who are then protecting their networks. Those are successes that we see daily," Smith said.
He is hopeful that we are turning the corner on reporting. There are still many attacks that happen, but law enforcement is not informed about them.
"If there's a bank robbery, for example, Bank of America is going to call the FBI or local law enforcement, and have them out there and give them everything that they need to solve it. We don't necessarily have that in the cyber arena," he said.
To make sure we are winning the cyberwar, it's crucial to report the crime and give the information and details that law enforcement needs to investigate it.
"You tell us that there's a bank robbery, but you don't give us the note that has the fingerprint of the robber. Sitting in a silo will keep us in the same position that we are right now. (...) We can't make promises, but we certainly can't do anything if you don't report," Smith said.
More from CyberNews:
Subscribe to our newsletter