Annual fraud report highlights crypto insecurity

By Eden Iscil, Public Policy Associate

Earlier this month, NCL’s Fraud.org project released its annual Top Ten Scams report. After collecting thousands of consumer complaints, we sorted through the data to share the major trends from the past year. We saw some interesting trends! 

As the pandemic has entered its third calendar year, notable patterns included median dollar losses from fraud reaching a 10-year high and investment-related scams increasing by almost 170 percent, likely due to the rising popularity of cryptocurrency. So, consumers who lose money to scams are losing more of it. And cryptocurrency-related scams are something we all need to start paying attention to. 

These are the top ten scams reported to Fraud.org in 2021: 

  1. Prizes/Sweepstakes/Free Gifts  
  2. Internet: General Merchandise  
  3. Phishing/Spoofing  
  4. Fake Check Scams  
  5. Friendship & Sweetheart Swindles  
  6. Investment: Other (incl. cryptocurrency scams)  
  7. Advance Fee Loans, Credit Arrangers  
  8. Family/Friend Imposter  
  9. Computers: Equipment/Software (incl. tech support scams)  
  10. Scholarships/Grants 

The categories with the highest median losses were fake check scams at $2,000 and investment scams at $1,750. 

Focus: Cryptocurrency driving investment fraud 

Fake check scams have often scored near the top on our annual trend reports, but investment scams jumped several ranks, more than doubling their share of consumer complaints. Given the explosive growth of cryptocurrency usage in 2021, the emerging market likely provided an opening for fraudsters to take advantage of still-developing regulations and a lack of consumer knowledge about these new forms of investing.  

Fraud.org’s data appears to take the same shape as trends from the Federal Trade Commission (FTC), which had reported a ten-fold increase in cryptocurrency fraud. The FTC’s data spotlight on cryptocurrency scams also included a median loss of $1,900, a figure further demonstrating the heightened risk that consumers face within this sphere. Unfortunately, consumer protections in cryptocurrency usage are largely a patchwork of state-by-state rules, with some trading regulated by the Securities and Exchange Commission (SEC). 

Notably, Bitcoin and Ethereum (the two most popular cryptocurrencies) have so far been exempt from the SEC’s strictest oversight requirements, as it is considered a commodity rather than a security. The lack of comprehensive, nationwide protections coupled with the fact that these coins exist to be anonymous, instant, and irreversible creates an unsafe environment for consumers—especially ones who may be entering this space for the first time.  

Although media buzz has generated a lot of interest in crypto, with reports often centered on the potential for eye-popping returns, these articles do a disservice to readers if they don’t include the risks involved. Market volatility, a lack of consumer protections, and environmental damage only scratch the surface when it comes to hazards related to virtual currencies. These liabilities can be minimized by sticking with traditional forms of payment and investment—pending comprehensive regulation of digital coins. 

The full Top Ten Scams Report for 2021 can be found here. Additionally, Fraud.org’s February Fraud Alert includes great tips to help consumers better protect themselves against 2021’s top scams. 

Will Obama’s cybersecurity plan help consumers? – National Consumers League

It seems appropriate that the Obama Administration chose Safer Internet Day to announce its new Cybersecurity National Action Plan (CNAP). At a time when massive data breaches continue to be the norm, rather than the exception, it is heartening to see the President take comprehensive action to address ongoing threats to consumers’ data. So, what are some of the highlights of the CNAP? Will it help consumers getting pummeled by data breaches? 

Let’s take a look… 

Establishing a “Commission on Enhancing National Cybersecurity”

Bringing together cybersecurity experts to talk shop and recommend solutions is rarely a bad idea. Importantly, the CNAP is charged with delivering a report of its findings and recommendations to the President on December 1, 2016, which should make for interesting reading by data security geeks like yours truly. The CNAP calls for the Commission to be made up of “top strategic, business, and technical thinkers from outside of Government.” Within the Executive Order itself, the Commission membership qualifications are spelled out in greater detail as “those with knowledge about or experience in cybersecurity, the digital economy, national security and law enforcement, corporate governance, risk management, information technology (IT), privacy, identity management, Internet governance and standards, government administration, digital and social media, communications, or any other area determined by the President to be of value to the Commission.”

Notice something missing there? If you said “consumers,” give yourself a gold star. All too often, the job of protecting consumers’ data is punted on to the backs of consumers themselves. While doing things like enabling two-factor authentication, using good digital hygiene, and paying attention to credit reports is never a bad idea, it can’t be the only solution. The companies and agencies that collect and use consumers’ data must have real skin in the game when it comes to protecting that information. We hope that the new Commission will take a look at the role that data security standards, strong data breach notification requirements, and cyber insurance can play in strengthening data protections.

Empowering Americans to secure their online accounts

At NCL, we’re big fans of the great work the National Cyber Security Alliance is doing to arm consumers and businesses with the tools to enhance their own data security. By embracing two-factor authentication, the Administration is putting its imprimatur on a common-sense data security tool that all consumers should be using whenever possible. Kudos, too, for looking at ways for federal agencies to practice what they preach by looking for ways to implement stronger authentication methods and reduce the use of Social Security Numbers as an identifier for citizens. (P.S. If you use Google services and need some extra incentive to up your security game, our colleagues at Google are offering two free gigabytes of Google Drive storage to anyone who completes their Security Checkup).

Investing $19 billion+ for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget

This is the part of the CNAP that’s getting the most press and, frankly, will probably be the toughest part of the plan to get over the finish line, given election year politics in Washington. However, given the cybersecurity skills gap, it’s heartening to see the President’s budget proposing a package of student loan forgiveness, increased cybersecurity hiring, small business training, and technology modernization initiatives. Last year’s OPM data breach made the consequences of relying on out-of-date technology painfully clear. And for goodness sakes, it’s time for every federal agency to get off Windows XP, already!

There’s lots more to dig into in the CNAP, but overall, it’s got a lot to like from a consumer point of view. As the Plan correctly recognizes, “there is no silver bullet to fully guarantee our data security.” The fight for better data security is going to take lots of hands, and we applaud the President for proposing ways for us all to get in the trenches.