Cyber Investigations
Our goal is to protect the nation’s financial infrastructure and maintain a safe environment for the American people to conduct financial transactions. Our mission is to investigate complex cyber-enabled financial crimes.
Combating the illicit use of digital assets

The Secret Service is responsible for detecting, investigating, and arresting any person who violates certain laws related to financial systems. In recent years digital assets have increasingly been used to facilitate a growing range of crimes, including various fraud schemes and the use of ransomware.


Cyber Fraud Task Forces

Cyber Fraud Task Forces (CFTFs), the focal point of our cyber investigative efforts, are a partnership between the Secret Service, other law enforcement agencies, prosecutors, private industry, and academia. The strategically located CFTFs combat cybercrime through prevention, detection, mitigation, and investigation.
Global Investigative Operations Center

An integrated mission center, monitoring, coordinating, and supporting strategic domestic and international investigations with potential impact on the integrity of the financial infrastructure. The Global Investigative Operations Center (GIOC) conducts analysis of non-traditional data sources and works with our CFTFs on combating transnational organized criminal organizations.


Highly-Skilled Cyber Workforce

Our network intrusion responders are at the frontlines of large scale network intrusions and malware attacks. Our investigators, analysts, and forensic examiners have contributed to the apprehension of transnational cyber criminals responsible for large-scale data breaches, online criminal hosting services, and the trafficking of stolen financial data and other cybercrimes.
Preparing for a Cyber Incident

Effective cybersecurity requires a holistic approach in order for an organization to be more resilient against cyber attacks. The Secret Service developed a series of cyber incident response planning guides to assist organizations in preparing, preventing, and responding to cyber attacks.

Types of Cybercrimes We Investigate
Access Device Fraud
An elicit transferring of funds that involves credit and debit cards, or other types of account access devices.
Network Intrusions
Unauthorized access to computers or networks, using a variety of methods, including malware and bots.
Point-of-Sale System Compromise
Unauthorized access to checkout or cashier systems that process the electronic transfer of payments for goods and services.
Illicit Financing Operations and Money Laundering
Investing illicit proceeds into the financial system, while attempting to disguise them as legitimate transactions.
ATM Attacks
Involves access device manipulation and network intrusion.
Identity Theft and Use
Theft of Personally Identifiable Information to illicit financial gain.
Ransomware
Type of malicious software designed to block access to computers or networks until a sum of money is paid.
Business Email Compromise
Type of payment fraud that involves the compromise of legitimate business email accounts for the purpose of conducting unauthorized wire transfers.
The Secret Service has cultivated mutually beneficial partnerships with law enforcement agencies around the globe, leading to successfully extraditing criminal suspects residing overseas to face prosecution in the United States.
We continue to forge new international partnerships in furtherance of our mission to pursue and apprehend cybercriminals globally.
Secret Service representatives partner with public and private organizations worldwide, including:
- U.S. Department of Justice
- U.S. Department of the Treasury
- National Cyber Investigative Joint Task Force (NCIJTF)
- Financial Crimes Enforcement Network (FinCEN)
- Homeland Security Investigations (HSI)
- Federal Bureau of Investigation (FBI) and the Internet Crime Complaint Center (IC3)
- Cybersecurity and Infrastructure Security Agency (CISA)
- Europol
- INTERPOL
- Computer Emergency Response Team (CERT) in coordination with Carnegie Mellon University
- University of Tulsa
- University of San Antonio
- National Cyber Forensics and Training Alliance (NCFTA)
- Financial Services Information Sharing and Analysis Center (FS-ISAC)
- Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, National Cyber Awareness System
- Department of Commerce, National Institute of Standards and Technology, Cybersecurity
- Department of Commerce, National Institute of Standards and Technology, An Introduction to Information Security
- Department of Commerce, National Institute of Standards and Technology, Fundamentals of Small Business Information Security
- Federal Trade Commission, Cybersecurity for Small Businesses
- Department of Justice, Crime and Intellectual Property Section, Cybersecurity Unit
- Department of Commerce, National Institute of Standards and Technology, Computer Security Incident Handling Guide
- Department of Justice, Crime and Intellectual Property Section, Cybersecurity Unit, Best Practices for Victim Response and Reporting of Cyber Incidents
- Federal Trade Commission, Complying with the Health Breach Notification Rule
The mission of the U.S. Secret Service Cyber Fraud Task Forces (CFTF) is to prevent, detect, and mitigate complex cyber-enabled financial crimes, with the ultimate goal of arresting and convicting the most harmful perpetrators. Through a partnership with private industry, state, local, tribal, and territorial (SLTT) and federal law enforcement agencies, federal and state prosecutors, and academia, the CFTFs effectively leverage the collective expertise of a range of key stakeholders necessary to combat cybercrime. The CFTFs are staffed with special agents, technical experts, forensic analysts operating in the CFTF Digital Evidence Forensic Labs (DEFL), and SLTT task force officers trained through the Secret Service National Computer Forensic Institute (NCFI).
In 1995, the Secret Service New York Field Office (NYC) established the first Electronic Crimes Task Force (ECTF). The task force was substantially modeled on the existing Secret Service-led Financial Crimes Task Forces (FCTFs), which were established in 1984, following the enactment of the Comprehensive Crime Control Act and the resultant criminal authorities Congress provided to our agency. Leveraging state and local law enforcement partners, in addition to prosecutor offices, private sector industry groups, and academia, the ECTF concept led to increased investigative successes in the emerging field of cyber-enabled criminal activity.
In 2001, in the aftermath of 9/11, the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act mandated the Secret Service to expand the New York ECTF concept nationally for the “purpose of preventing, detecting, and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.” Since that time, 39 additional ECTFs, including two overseas, have been created for this purpose.
In 2018, the Secret Service began evaluating strategic options to improve the organization of Secret Service task forces by combining existing ECTFs and FCTFs. These combined 44 task forces - CFTF - resulted in better coordination with task force partners, consolidation of investigative and technical skillsets during operations.
Secret Service Announces the Creation of the Cyber Fraud Task Force
Locate a CFTF.
Resources
Verizon Data Breach Investigations Report
Our experts contributed to this report, which provides actionable insight into how data breaches occur.
Train at the National Computer Forensics Institute
Register for cyber incident response, investigation, and forensic examination training.
Internet Crime Complaint Center (IC3)
Submit an internet crime complaint to federal law enforcement.