Online impersonation, extortion attacks and phishing scams were among the most common and costly types of cyber crime reported by individuals and organizations in 2016, according to a report from FBI’s Internet Crime Complaint Center (IC3).

In its annual report published Thursday, the federal law enforcement agency highlights a number of cyber threats that have plagued consumers and businesses over the last year. In total, the FBI received 298,728 complaints and more than $1.33 billion in losses.

Read: Phishing Scams: FBI Says Businesses Have Lost $5 Billion In Phishing, Social Engineering Attacks

Business Email Compromise (BEC) attacks topped the list of most costly cyber threats in 2016. The FBI received 12,005 reports of BEC attacks, which resulted in a total of $360,513,961 losses for affected companies.

BEC attacks are generally carried out either by a hacker finding his or her way into a company’s computer system to compromise a device, or through a phishing attempt that targets members of a company with fake emails designed to steal their login credentials. Online databases containing leaked passwords linked to an employee’s personal accounts can also lead to compromised business accounts.

The FBI has previously warned about the rise of BEC attacks, so it is not surprising to see it top the list. Earlier this year, the bureau reported there have been 40,203 BEC attacks reported in the last three years, resulting in these businesses losing more than $5.3 billion

Structure Security
Newsweek is hosting a Structure Security event Sept. 26-27 in San Francisco. Newsweek Media Group

Also near the top of the FBI’s threat list are “confidence fraud” or romance scams, in which an individual believes they are sending money to a person with whom they have a relationship. In reality, they are being scammed. Victims of these types of attacks lost more than $219 million in 2016.

Read: Cyberattacks: Phishing, Ransomware Attacks Rose In 2016, Symantec Reports

The most reported attack, by a landslide, was non-payment and non-delivery scams. There were 81,029 victims of such crimes in 2016, who paid for goods or services that were never received—or businesses who shipped goods but never received payment. More than $138 million as lost from non-payment and non-delivery scams.

Interestingly, ransomware attacks were relatively low on the list of threats dealt with by the FBI, with only 2,673 complaints reported and $2.4 million lost. Those figures seem low given the significant uptick in the number of high-profile ransomware incidents that have spread in the last several years.

While the WannaCry ransomware that hit hundreds of thousands of machines worldwide earlier this year wouldn’t be included in the report on crimes in 2016, security researchers have chronicled a considerable climb in the number of ransomware variants demanding money from victims.

According to Symantec, more than 100 new families of ransomware were discovered in the wild over the course of 2016, tripling the number of attacks that had previously been identified. Those attacks also carried a higher cost, with the ransom demands rising by 266 percent. In 2016, attackers demanded an average of $1,077 per victim, up from $294 in 2015.

It’s worth noting that the FBI report claims that just 15 percent of fraud victims in the U.S. report the crime to law enforcement. If that 15 percent is accurate, it means the real cost of cyberattacks in 2016 was nearly $9 billion in total.