Internet crime cost victims $1.42 billion in 2017, according to the FBI’s Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, but the most popular attack vectors may surprise you.

Of the 33 types of security incidents reported, non-payment/non-delivery attacks were the most prevalent, with 84,079 reported in 2017, the report found. In these scams, goods and services are shipped but payment is never rendered, or payment is sent, but goods and services are never received. These attacks cost victims $141 million.

Personal data breaches came in second place, with 30,904 attacks that cost victims $77 million. And phishing attacks rounded out the top three, hitting 25,344 victims and costing them nearly $30 million.

SEE: Security awareness and training policy (Tech Pro Research)

Despite the spread of WannaCry, ransomware attacks fell in 2017, the report found. Ransomware came in at no. 24 on the list of most popular attacks, with 1,783 incidents reported in 2017–down from 2,673 in 2016. These attacks cost victims more than $2.3 million in losses, the FBI found.

The FBI does not suggest that businesses pay the ransom in attempts to unlock their files, the report noted. “Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom,” the report stated. “Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved.”

Instead, companies that become victims should report the incident to their local FBI field office immediately, the report noted.

The report also highlighted some growing trends seen last year. Business Email Compromise (BEC) and Email Account Compromise (EAC) led the pack with the most victim losses, adding up to more than $676 million. BEC is a scam targeting businesses working with foreign suppliers or those that perform regular wire transfers, while EAC is a similar scam targeting individuals. Attackers carry out these scams by using social engineering or computer intrusion techniques to compromise legitimate business email accounts and conduct unauthorized transfers of funds, the FBI noted.

Tech support scams also grew, netting criminals $14.8 million in 2017. In these attacks, fraudsters claim to provide customer, security, or technical support to gain money from victims or access to their devices.

The IC3 has received more than 4 billion internet crime complaints since its inception in 2000.

Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • Cybercrime cost victims $1.42 billion in losses in 2017. — FBI, 2018
  • The number of ransomware attacks fell from 2,673 in 2016 to 1,783 in 2017. — FBI, 2018