Why Cyber Enabled Fraud Was the Silent Giant of Online Crime in 2024

According to the FBI’s Internet Crime Report, the vast majority of cybercrime activity in 2024 was caused by cyber enabled fraud. Of the $16.6 billion in cybercrime losses reported by the FBI, 83% were due to fraud-based schemes, a 33% increase over 2023. The definition of cyber enabled fraud, the revenue generating strategies used by attackers, and the ways in which a number of variables influenced their success will all be covered in this article.

Old fashioned fraud that has been accelerated by the internet is known as cyber enabled crime. It refers to schemes that use online technology to scale without necessarily hacking anything, in contrast to cyber dependent crimes (like the usage of malware) that require technical exploits. Email, social media, and a variety of other online tools are used by criminals to trick victims and steal identities, money, or data. These scams don’t require a lot of technical knowledge. Just social engineering with a worldwide audience.

To understand this trend, let’s break down the most common fraud types of 2024:

1. Investment Scheme Scams

Investment fraud became the most common cybercrime that caused people to lose money in 2024. Investment scams cost people about $6.6 billion, which is almost twice as much as it was in 2022. Generally speaking, these scams lure people in with the promise of big profits, and the recent hype around cryptocurrencies has helped them grow. About $5.8 billion of those losses came from cryptocurrency investment fraud, which was the subject of 41,557 complaints. This is known as the “pig butchering” scam. Pig butchering is an elaborate planned scam that includes both romance and investment fraud. Scammers make friends with or romantically groom their target online before offering them a cryptocurrency investment that seems too good to be true. Over the course of weeks or months, the victim is tricked into putting more money into what seems like a real investment platform that shows fake gains. The scammers “butcher” the victim (the “pig”) after they have made the largest deposits, taking the money and cutting off all contact.

2. Business Email Compromise

Business email compromise, or BEC, is very close to investment scams. A type of fraud that has consistently cost businesses billions each year. BEC schemes cost about $2.77 billion in 2024, with more than 21,442 incidents reported. This scam doesn’t use malware or hacking; it’s an old-fashioned con that uses fake emails and impersonation to get companies to send money. Scammers usually pretend to be a trusted supplier, CEO, or partner and use email to trick an employee into sending money to a fake account. It’s a low-tech crime that pays off by taking advantage of people’s trust and regular business processes. Even though companies are trying to raise awareness, they still fall for BEC at an alarming rate. Since IC3 first started keeping track of BEC scams in 2015, the amount of money lost has gone up by 1025%. The fact that the scam lasted so long shows that criminals don’t need complicated tools when simple lies work.

3. Tech Support Phone Scams

Another scam that became more popular in 2024 was the old-style tech support scam. Pretending to be from a well-known tech company like Microsoft, Amazon, or a bank, scammers contact victims (usually by phone, email or pop-up message) and tell them their device has a vulnerability or that there is a problem with their account(s). After this part of the process is done, the scammer will trick the victim into sending them money or allowing remote access via fake “fixes.” Older people are more likely to fall for these scams because they may not be as acquainted using technology and may trust authority figures more. In 2024, tech support fraud went through the roof, costing $1.464 billion. In many of these scams, organized groups use call centers in other countries to contact thousands of victims.

Several factors combined made 2024 a perfect storm for online fraud growth. Here are the reasons cyber enabled fraud skyrocketed.

• Generative AI Arms Scammers. Using readily available AI tools, scammers were able to increase the scope and plausibility of their schemes. They can create almost perfect phishing emails (no more clues about poor English) and can even engage in live chats with victims. Deepfake voice technology and images enable criminals to mimic a friend’s voice or executive board members during phone calls. The automation of social engineering also reduces the effort of criminals, increasing the success rates of fraud.
• Tech Based Social Engineering. In 2024, even without using AI, scammers were skilled at manipulating people. They adjusted their methodology to match their target, like pretending to be tech support to fool older people or posing as investment experts to deceive younger individuals interested in cryptocurrency. They used methods like MFA fatigue attacks, where they overwhelm someone with repeated login approval requests until the person gives in and approves one.
• Scam-as-a-Service Ecosystem. Criminal groups sold and rented every service imaginable, from phishing kits to bulk email lists to fake documents, lowering the barrier to entry. Entire call centers overseas handle English speaking victims in tech support and government impersonation scams. In one INTERPOL warning, multinational scam factories were reported across Asia, Africa, and Europe, churning out fraud at scale. This outsourcing model meant a lone scammer could leverage a network of specialists (for a cut of the profits), making fraud campaigns cheap to start and hard to trace.
• Regulatory & Enforcement Gaps. Lastly, cyber enabled fraud was most common in places where financial protections were weak. Scammers asked for payment in cryptocurrency because crypto transactions are relatively anonymous and can’t be reversed. Cross border schemes took advantage of problems with jurisdiction. A victim in the U.S. might be sending money to a criminal in a country where fraud laws aren’t very strong. It’s hard to get money back because of the ways it’s laundered, like crypto mixers and mule accounts. And unlike hacking, fraud doesn’t always set off traditional cybersecurity alarms.

Cybercrime doesn’t always need to use malware. 

Investment fraud, business email compromise, and tech support scams are all examples of scams that only need access, trust, and your data. These attacks often get around defenses by going after people instead of systems.

Discover how BlackFog can help your organization stay ahead of threats at BlackFog.com.