Scammers are Winning: € 41.3 ($ 47.8) Billion lost in Scams, up 15%

With the COVID-19 pandemic, the scam industry has boomed worldwide. In our 3rd Global State of Scams Report, 42 countries were analysed on the number of people scammed, the amount of money lost and the ways in which national governments, consumer authorities and law enforcement are combating scams.

Number of Scams Boomed

The number of reported scams increased from 139 in 2019 to 266 million in 2020. The massive growth is caused mainly due to the COVID-pandemic, and in part as more countries have started to report online fraud.

While the definitions and reporting methods used by different countries for scams differ strongly, nearly all nations have reported large increases in the number of reported scams. Egypt (190%) and Nigeria (186%) reported the most dramatic increase in the number of scams. Other developing countries such as Iran, India and Pakistan also reported strong growth in the number of scams of around 90% as the population massively moved to the internet. Only a few countries reported minor decreases including Belgium, Japan, and Sweden.

Figure: Growth in reported number of scams per country

The amount lost grew from € 36 ($ 41.7) to € 41 billion ($ 47.8). The number of scams and money lost is likely to be only a small fraction of the actual size of online fraud. Depending on the country, less than 3% and up to 15% of consumers report a scam. Based on a previous study by ScamAdviser, the cause behind these numbers lies in that 23% of consumers do not know where to report scams and 11% do not think it will make any difference.

Investment scams are on the rise

The money lost per victim and the type of scams differ strongly by country. From less than € 10 for fake shops, counterfeiters and subscription traps to several hundreds of thousands for ransomware, Business Email Compromise (BEC) and investment/crypto scams.

While phishing continues to be the most common type of scam globally, the pandemic has introduced new twists on old scams. In 2020, scammers first focused on masks, respirators, and disinfectants. Moving forward, they introduced ‘COVID-19 charities’, ‘vaccine pre-registration’ and ‘get your Corona government grant’.

New scams popped up as well. As families were looking for a pet during the lockdown, pet scams,  where a puppy ordered never arrived, gained traction. Scammers also became better at ‘up-selling’. Delivery scams in which the victim first buys a product that never ships, and then is charged “custom fees” by the same scammer, boomed. Scammers seem to be able to translate the latest developments into scams within hours. For instance, they used bush fires in Australia for charity hoaxes and the Evergreen containership crisis for investment scams.

Some scams seem to be region-specific. Australia reported an increase of 140% in threat-based scams, which typically involve scammers threatening victims with arrest, deportation or legal action unless money is paid. Likewise, Malaysia reported an increase of 450% in “Macau” scams where a fake bank, government or police officer approaches the victim with a fee that must be paid within hours or consequences have to be faced. Switzerland has proven to be extremely vulnerable to investment scams, reporting the highest amount stolen per report of more than € 25,000.

There is also a clear trend of personalizing scams based on data gathered from hacks and the use of local languages. Finland, for example, reported a 15% increase in online fraud where phishing scams are increasingly translated to Finnish.

COVID-19 also introduced seemingly unrelated increases of “drivers licence scams” and “thesis writing extortions”. Huge queues for taking a driver’s license exam in Germany and Ireland made people more prone to order a fake license online. The same applies to students worldwide searching for support when writing a an academic paper or thesis. In both cases the document never arrives, and the victim is unlikely to report the scam to the authorities.

With the “zero-interest” economy and boredom, many - especially males - proved to be willing victims to “investment opportunities”. These scams, also called ‘pig-butchering’, can run for 3, 6 or even 12 months. The scammer builds up a trusted and sometimes romantic relationship with the victim before inviting him to invest in an ‘incredible opportunity’.

Countries are becoming creative

To fight scams, many countries have resorted to more aggressive annual awareness campaigns. However, results seem to be mixed. As the themes of the scam change (e.g. pet scams, COVID grants), citizens worldwide still seem to fall for them, despite earlier warnings.

A strategy applied by the Irish police seems a cheaper and more effective strategy. Each week a new kind of scam is published on social media and pushed to both local and national media agencies. This strategy helps to keep cybercrime in the minds of consumers who could fall victim to various scams.

Simple changes can sometimes have big impacts. The government of Iran, for example, made two-factor authentication mandatory for banking apps. As a result, the number of banking phishing scams dropped by 90% in one year.

The Center for Cybersecurity Belgium (CCB) launched an email address to report phishing emails. It has proven to be a huge success. In 2020, the CCB received 3.2 million emails. The data collected is used to feed Internet filters, protecting Belgium citizens from malicious domains.

Likewise, the government of Taiwan has launched an Open Data Initiative, sharing cybercrime related data with both government organizations, non-profits and commercial organizations to combat online fraud.

Some countries are trying new approaches. For instance, Pakistan is training CyberScouts, who can be police officers as well as students and youngsters. Goal: ingrain cybercrime awareness in local communities.

The Japanese Minami Precinct launched Operation “Pretend to Be Fooled”. This new crime-fighting program asks people who have been contacted by someone claiming to be a family member or friend in need of cash to notify the police. The potential victim and the police then work together to catch the scammer. The target victim receives a reward of 10,000 yen (€ 77.-).

Too Little; Too Late?

In recent years, the attention of governments has mainly been on “larger cybercrimes”, hacks, DDOS attacks, BEC and ransomware. However, this is rapidly changing, in some cases because a (prime) minister publicly fell for a phishing scam, as occurred in Pakistan and South Africa.

In terms of the money lost, scams now make up 5% of total cybercrime, estimated by McAfee to be € 815 billion ($ 945) billion in 2020. In terms of volume, online scams are a much bigger part of cybercrime. According to Group-IB, scam and phishing account for 73% of all cyberattacks.

Due to the strong increase in scams, online security firms are scaling up. Trend Micro, for example, is heavily investing in new anti-scam services, such as the real-time scam detection tool Trend Micro Check. In 2021 they already blocked more than 2.4 billion phishing emails and scam site visits.

Countries’ policies for fighting scams differ strongly. English-speaking countries seem to take the lead with intensive awareness campaigns, centralized online reporting on sites like Fraud UK and ScamWatch Australia and centralized special cybercrime units such as the FBI IC3 and the Canadian Anti-Fraud Center.

In other countries, scam reporting is fragmented across well-willing government initiatives, public-private partnerships, and local police units with little to no cybersecurity experience. In developing countries, such as Kenya and Pakistan, victims sometimes have to travel hundreds of miles to report a scam physically at a local police station only to be turned down by a police officer stating that the victim “should have known better”.

How can we turn the Tide?

In many countries, scams are now the most reported form of crime. In Sweden, fraud made up 5% of all crime cases reported in 2000. Now, this value is 17%. In the UK and the USA, scams are in 2021 the most commonly experienced form of crime. Finally, Singapore states that 44% of all reported crimes are related to online scams.

The World Economic Forum estimates that 0.05% of all cybercrime is prosecuted. This makes scams, which are even more underreported than “big cybercrimes”, a very lucrative business.

While many developing countries are now focusing on building cybercrime awareness amongst their populations, more industrialized countries have learned that education alone is not enough.

Spain, with its 017 initiative accessible via phone, WhatsApp and Telegram and the Netherlands with easier online reporting have seen a strong growth in reported cybercrime. While this may not look good in police statistics, better data is the first step to fighting back.

The next step is increased national sharing of data. In the USA, the Federal Trade Commission is taking a leading role in gathering all scam-related data, collecting and sharing data with 3,000 federal, state, and local law enforcers across the country. Likewise, ScamWatch Australia is intensifying cooperation with Australian law enforcement, the Financial Regulation Commission, banks, telecom operators and social media companies.

In Europe and Australia, new legislation is making banks more responsible for phishing and investment scams. If the scam could have been prevented by the bank, the victims have to be compensated for their loss. This has spurred banking associations to fund anti-phishing campaigns. According to several countries, the next action to take, should be for tech giants to take more responsibility, using their own data to better identify and prevent scams.

While the USA, Canada and Australia have started sharing scam data amongst each other, most countries still linger. Yet, sharing online fraud data globally is the only real solution to turning the tide on the worldwide epidemic of scams as it allows faster identification, prevention, investigation and prosecution. A lot of work remains to be done.

The full report will be presented at the Global Online Scam Summit.