As part of its mission to protect against criminal threats “…which are increasingly emanating from our digitally connected world,” the FBI’s Internet Complaint Center (IC3) collects complaints of cybercrime incidents and reports on them annually. According to the report, 2022 set a new record for “cyber-enabled fraud” losses, which increased to $10.3 billion for the year (48% compared to 2021).
These cybercrime statistics are staggering on their own, but keep in mind they only account for reported incidents. Because at least some of these crimes go unreported, the problem is even larger in reality. As a provider of online brand protection, we at Allure Security looked at the report and culled data especially relevant to our audience and customers having to do with online brand impersonations.
Online brand impersonation fuels top cybercrime types
Phishing ensnared the most victims in 2022 (300,497) and investment scams cost victims the most money ($3.3 billion). Losses from investment scams increased a staggering 127% over 2021 and the average loss per victim also increased 53% over 2021. The table below compares 2022 to 2021 in terms of total victims, total losses, and average loss to cybercrimes related to phishing, investment scams, and spoofing.
| 2022 Victims | 2022 Losses | 2022 Avg Loss | 2021 Victims | 2021 Losses | 2021 Avg Loss | |
| Phishing | 300,497 (↓ 31%) | $52,089,159 (↑ 18%) | $173 (↑ 27%) | 323,972 | $44,213,707 | $136 |
| Investment Scams | 30,529 (↑ 48%) | $3,311,742,206 (↑ 127%) | $108,479 (↑ 53%) | 20,561 | $1,455,942,193 | $70,811 |
| Spoofing | 20,649 (↑ 11%) | $107,926,252 (↑ 31%) | $5,227 (↑ 18%) | 18,522 | $82,169,806 | $4,436 |
The IC3 report does clarify that any one complaint may include multiple crime types. This corresponds with what Allure Security sees in the online brand protection field and each of them typically involves the impersonation of a brand online:
- Phishing involves a fraudster impersonating a legitimate company communicating with potential victims via a digital communication channel (e.g., email, text messages, etc.) asking them for personal data, financial information or log-in credentials. Of course in our field of online brand protection that typically involves directing a victim to a fake or spoofed website, social media profile/post, or mobile app.
- Investment scams involve a scammer spoofing their brand and/or employees via a fake website, deceptive social media account or post, or misleading mobile app. These scams also employ phishing tactics to steal payment details, credentials, etc. from victims.
- Spoofing is singled out as something that is often used in connection with other crime types since it’s “deliberately falsified” content used to mislead and impersonate a legitimate source.
Brand impersonation & investment scam notes from the field
Cryptocurrency investment fraud grew 183% in 2022 from $907 million in 2021 to $2.57 billion. Relatedly, we’ve seen an increase in the impersonation of cryptocurrency service provider employees and cryptocurrency influencers/analysts on social media. Via their profiles and posts, these imposters will hawk investment opportunities that require the divulging of personal information, cryptocurrency wallet credentials, etc. and don’t end up paying anything out.
Another variation on the theme is someone commenting on a cryptocurrency-related video on YouTube and mentioning a particular investment adviser that helped them quadruple their money. That comment will also include a link to a fake website or WhatsApp contact information purporting to be that of this investment advisor that is actually controlled by the scammer.
Here’s a video of Robert Fernandes, CISO at The Investment Center, explaining more about this phenomenon during a webinar:
Fernandes has also seen investment scammers abuse FINRA’s BrokerCheck in order to lend credibility to their con. FINRA created its BrokerCheck system to help consumers make informed choices about brokers and brokerage firms. Fernandes has observed scammers creating fake social media profiles or websites impersonating advisors at an investment firm that links to the actual advisor’s FINRA BrokerCheck listing in an effort to lend credence to their scheme.
In this video from the same webinar, Fernandes walks us through this particular tactic:
Is there hope for the battle against record-breaking online fraud?
Absolutely there’s hope for your brand in finding and eliminating online brand spoofing and related cybercrimes – and in many cases, before a single one of your customers falls victim. Allure Security, for example, applies automation and AI to sifting through the mind-boggling amount of online content approved each day to identify spoofed websites, social media profiles and posts, and mobile apps for our customers. Because we look at more of the internet each day than any other online brand protection vendor or alternative method, we find more online brand impersonation attacks earlier in their lifecycle.
But don’t just take our word for it. Here’s what a Senior Director of Security Engineering for a leading social marketplace for fashion said recently:
Allure Security was able to find phishing sites that no other vendor could find…[A website] was taken down within 24 hours…Detection is top notch with features like web beacon and suspected domains (domains which are parked). Takedown is great with features like decoy integration.
What You Should Do Next
- Contact us if you’re ready to nearly instantaneously enhance your visibility of and response to abuse of your brand online.
- Get tips on improving your organization’s online brand protection with our free Busy Person’s Guide to Online Brand Protection.
- Read our blog post about why Gartner® recognized Allure Security in its 2022 Emerging Tech: Adoption Growth Insights in Digital Risk Protection Services Report.
