Minnesotans reported losing more than $12.6 million to cyber criminals last year, up more than 35 percent from 2015, through scams such as invasive malware and fraud on dating sites, according to the FBI.
The bureau's Internet Crime Complaint Center (IC3), which released its annual report on cybercrime this month, said it believes just 15 percent of victims report their cases to the authorities.
"We think there is underreporting of these scams, due in part to shame and humiliation associated with being a victim," said Supervisory Special Agent Patricia Weber in the FBI's Minneapolis office, adding that such victims are often seniors.
Agents in Minneapolis cited an uptick in compromised business e-mails and "romance scams," in which increasingly sophisticated criminals use online dating sites to entangle victims, sometimes causing them to drain their life savings.
Business e-mail compromise ($360 million) and confidence fraud/romance schemes ($219 million) were the leading crimes nationally in 2016. Victims 60 or older were the most common and reported losing the most last year.
The FBI believes that simple safeguards can make a difference, and it has issued alerts recommending that businesses exercise caution when posting details on company websites or social media, use two-factor authentication for corporate e-mail accounts and vet unfamiliar e-mail accounts.
"When you see a return address on a letter, what does that tell you? Nothing," said Supervisory Special Agent Michael Krause in Minneapolis. "You have to understand the internet operates the same way. There's no assurance the message is coming from who you think it's coming from."
The number of Minnesotans reporting crimes remained steady at 3,390, even though the dollar volume of losses rose sharply. The state's victims reported losing more than neighboring Wisconsin ($10.3 million), Iowa ($5 million), and North and South Dakota ($859,856 and $933,723, respectively), which are also covered by the FBI's Minneapolis office. California typically fields the country's largest loss reports; it led all states last year with $255 million in reported losses.
Last month the FBI issued a public service announcement noting that it identified a massive increase in losses through business e-mail scams since January 2015 and that it had traced fraudulent wire transfers to 103 countries. The FBI said banks in China and Hong Kong were the primary destinations for fraudulent fund transfers, while banks in the United Kingdom have also since taken on a more prominent role.
The extradition to Minnesota this month of Peteris Sahurovs, a 28-year-old Latvian man, illustrates the far-flung nature of the frauds, making for long investigations. A grand jury in Minnesota indicted Sahurovs in 2011 for allegedly defrauding victims of more than $2 million in a "scareware" scheme that involved posing as a fictitious hotel chain and running ads on the Star Tribune's website. The scam infected consumers' devices with malware that required visitors to buy $50 antivirus software to regain control of their computers.
Polish authorities apprehended Sahurovs in November 2016, more than five years after he fled after his initial appearance in a Latvian courtroom. Sahurovs once became the FBI's fifth most-wanted cybercriminal.
Massoud Amin, who directs the University of Minnesota's Technological Leadership Institute, said attacks like Sahurovs' alleged scareware plot have dramatically increased in frequency and sophistication in the past two decades. He is now watching the fulfillment of predictions he made during lectures in the late 1990s that cyberattacks would come to outpace human — and even automated — solutions.
Amin said he doesn't expect the trend to abate anytime soon as life becomes increasingly digitized, underscoring the need for people to be alert.
"A lot of it goes to education: turning fear into empowerment," Amin said. "No amount of technology will make up for taking a few deep breaths before we click on a link."