Each year, plenty of reports emerge detailing the frequency and severity of cyberattacks, but perhaps few are as important as the FBI’s Internet Crime Complaint Center’s annual report.

The IC3’s 2022 report includes plenty of interesting cyberattack statistics. Phishing remains the most commonly reported cyberattack and California residents lost more money than those who live in other states.

But the big ones are how many complaints have been recorded by the IC3 and how much money victims lost to internet scams. The total number of complaints recorded actually dropped in 2022, reaching a little over 800,000 compared to the more than 847,000 recorded in 2021.

The amount of money lost, however, skyrocketed. Cybercrime victims lost $10.3 billion in 2022 compared to the $6.9 million lost the year prior.

In this installment of the BlackCloak Thursday Threat Update, we’ll cover a warning the FBI issued about another hotly contested area, as well as a data breaching affecting millions who use a mental health app.


FBI issues warning over crypto scams

What we know: The FBI’s Internet Crime Complaint Center issued a warning regarding a spike in cryptocurrency schemes. The IC3 found crypto scam victims lost more than $2 billion in 2022. The agency said in its warning the scams commonly feature the cybercriminal attempting to establish a relationship of trust with their target, and once they do, try and persuade them to invest cryptocurrency through fraudulent apps and websites. Should they do so and attempt to withdraw the funds, the victim will be told they will have to pay fees or taxes, and even if they do, they will likely be unable to retrieve the money they initially invested. The IC3 also detailed new versions of these scams, including liquidity mining and play-to-earn schemes.

Recommendations: If you encounter one of these scams, the FBI recommends reporting the activity to the IC3 via its website. In the event someone approaches you claiming to be able to enhance your investments, or claiming that your accounts are in danger, do not send them any money, personal information or login credentials. No legitimate entity will ever ask for any of these items. If it sounds too good to be true, it probably is. It’s also a good idea to research any investment opportunities, cryptocurrency apps and websites before you spend any money. If the venture turns out to be fake, it will be almost impossible to retrieve any money you’ve invested.


Mental health app data breach affects more than three million

What we know: Mental health application Cerebral disclosed it experienced a data breach affecting around 3.17 million users. The data was leaked to third parties via a tracking pixel’s data logging feature. Cerebral estimates the data was leaked to third parties from October 12, 2019 to January 3, 2023. Exposed data points included users’ names, phone numbers, email addresses, dates of birth and various mental health related information.

Recommendations: Given the information exposed in the breach, victims may be targeted for phishing attacks, either via email, or through spam SMS text message, a practice known as “smishing.” Cerebral is offering a free month of credit monitoring for anyone at risk of identity theft and fraud, and has advised users to reset their passwords out of an abundance of caution.


Keep your crypto safe

Cybercriminals are looking for any money they can get their hands on, but crypto is particularly appealing. Due to its anonymous nature, it is far easier for cybercriminals to disappear with stolen crypto funds compared to other forms of currency. Thus, it’s important to know how to protect your money from falling into the wrong hands.

Learn why it’s difficult for crypto scam victims to get their money back and how cybercriminals deploy SIM hijacking attacks to breach crypto accounts.