Full Report
The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year. [...]
Analysis Summary
The provided article is a summary of broad fraud statistics released by the US government (likely the FTC) for the year 2024, not a report on a specific, contained security **incident** involving a single organizational breach or attack progression. Therefore, the timeline and attack vector sections will reflect the general trends of fraud reported, rather than a specific breach sequence.
# Incident Report: 2024 US Consumer Fraud Statistics Report
## Executive Summary
In 2024, Americans experienced record losses due to fraud, totaling $12.5 billion across 6.5 million reported incidents. The most common contact method for scammers was email, although phone interactions resulted in higher median individual losses ($1,500). A significant trend noted was the rapid increase in losses from job scams, which nearly tripled in four years.
## Incident Details
- Discovery Date: Specific date not applicable; data compiled for the full year 2024.
- Incident Date: Primarily covers activities occurring throughout 2024.
- Affected Organization: US Consumers/General Public (Reported via FTC).
- Sector: Cross-sector (Reported impacting numerous consumer segments).
- Geography: United States.
## Timeline of Events
*Note: This section reflects reporting trends for the year, not a sequential attack sequence.*
### Initial Access
- Date/Time: Throughout 2024.
- Vector: Communication channels (Email, Phone, Text message).
- Details: Email was the most common contact method, followed by phone calls and then text messages. Online scams accounted for over $3 billion in losses collectively.
### Lateral Movement
- N/A (This covers fraud reports, not network intrusion).
### Data Exfiltration/Impact
- Data Affected: Financial loss, identity theft reports.
- Details: Total reported losses reached $12.5 billion. Specific significant fraud categories included 118,960 reports of investment fraud schemes and 845,806 reports of imposter scams.
### Detection & Response
- Detection: Data collected through the FTC's Consumer Sentinel Network (Sentinel) database, receiving 6.5 million reports in 2024.
- Response Actions: Law enforcement professionals (approx. 2,800 agencies) use the Sentinel database for tracking trends and investigating fraud. Victims reported incidents via ReportFraud.ftc.gov.
## Attack Methodology
*Note: This section maps general fraud vectors to common ATT&CK concepts based on the reported methods.*
- Initial Access: Phishing (Email), Vishing (Phone calls), Smishing (Text messages).
- Persistence: N/A (Focus is on initial contact and transaction, not network persistence).
- Privilege Escalation: N/A.
- Defense Evasion: N/A (Applies to technical evasion; social engineering used for deception).
- Credential Access: Social engineering targeting personal information for financial access.
- Discovery: Not applicable in a technical sense; social engineering used to elicit information.
- Lateral Movement: N/A.
- Collection: Gathering personal or financial details via deceptive means.
- Exfiltration: Transfer of funds following successful scams (e.g., fraudulent payments).
- Impact: Financial theft.
## Impact Assessment
- Financial: Record $12.5 billion lost across all reported fraud types. Median loss for phone scams was $1,500 per person. Job scam losses grew to $501 million (up from $90 million in 2020).
- Data Breach: Loss of financial assets and potential exposure of Personally Identifiable Information (PII) leading to imposter scams.
- Operational: Not specified for any single entity; impacts consumer confidence and public systems.
- Reputational: Not specified for any single entity.
## Indicators of Compromise
*Note: Indicators are generalized based on the reporting channels.*
- Network indicators: Not applicable (Focused on communication vectors, not malicious infrastructure).
- File indicators: Not applicable.
- Behavioral indicators: Consumers most frequently reporting contact via email, followed by phone and SMS; significant increase in reports related to job scams.
## Response Actions
- Containment measures: Victims advised to report to ReportFraud.ftc.gov and IdentityTheft.gov.
- Eradication steps: Law enforcement utilizes the Sentinel data to track and investigate perpetrators.
- Recovery actions: FTC distributed $25.5 million to victims of tech support scams sourced from prior reports.
## Lessons Learned
- Trend Awareness: Younger demographics (20-29 years old) were highly susceptible, accounting for 44% of reports filed last year.
- Vector Effectiveness: While email is the most frequent contact source, phone scams resulted in the highest median loss per victim.
- Job Scams: The surge in job scam reporting highlights a critical vulnerability in employment recruiting environments.
## Recommendations
- Enhanced Consumer Education: Target educational efforts specifically toward younger demographics regarding common online and job-related fraud schemes.
- Multi-Channel Vigilance: Organizations should implement security controls that account for high-volume threats across email, voicemail/phone, and SMS channels.
- Financial Monitoring: Consumers should be strongly encouraged to monitor financial accounts and report suspected employment or investment opportunities immediately through official channels.