Des Moines, IA – State Auditor Rob Sand today (Friday) urged organizations and individuals to take steps to increase measures to safeguard their systems against cyber-attacks. In a news release, Sand said “Individuals, businesses, schools, and government entities are all susceptible to cybercrimes. It’s important for everyone to increase cybersecurity measures because a deficiency in one system can give criminals access to mounds of data that can result in cybercrimes like identity theft.”

The most common cybercrimes include Business Email Compromise (BEC), identity theft, ransomware, and spoofing and phishing scams. On average, the FBI received 2,300 cybercrime complaints per day in 2021, resulting in $6.9 billion in losses to victims. Iowa ranks 21st in the country in the number of cybercrime victims per state, losing a total of $33.8 million dollars to cybercrimes. According to Sand, “BEC attacks were reported to the Auditor’s Office by state and local governments, as well as schools.”  He said he was the target of a BEC scheme last year, but, “Thanks to some vigilant state workers, the scam was squashed.”

Iowa Auditor of State Rob Sand

BEC and Email Account Compromise (EAC) are sophisticated scams that are carried out when legitimate email accounts are compromised. The compromised account is then used to send fraudulent emails soliciting funds that are directed to illicit accounts. Combined losses in 2021 totaled $2.4 billion.

Measures to protect organizations from cybercrime include:

• Updated multi-factor authentication
• Updated software
• Control measures that include detailed IT policies and procedures
• Anti-malware
• Enhanced Firewalls
• Think before you “click”

The Auditor’s Office is partnering with the Association of Certified Fraud Examiners for International Fraud Awareness Week in an effort to draw attention to the latest forms of fraud and measures to prevent fraud.  To report the misuse of public funds or resources, email info@aos.iowa.gov or call 515-281-5834. Additional information on fraud prevention can be found on the Auditor of State website, Facebook, and X, formerly known as Twitter.