Online fraud is an ‘epidemic’

The latest report by Group-IB highlights the ways scammers operate.

Scams and phishing remain two of the most alarming and dangerous ways that cybercriminals can exploit insight into people’s lives. The problem has grown so far that Russian cybersecurity firm Group-IB has deemed it an “epidemic of online fraud”, a sign of both its pervasiveness and the risk it poses to rank-and-file users.

Its scale is equally concerning to the cybersleuths. Group-IB blocked more than 14,000 phishing resources in the first six months of 2021, an indication of how widely they are deployed online. Those phishing resources were hosted on 12,000 unique domains, with around one in five websites hosted on compromised legitimate resources.

That all-encompassing, easily-available scam network is changing the types of people who operate such cons, according to Group-IB. “The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams,” they say.

Scams increasing in popularity

In the first half of 2020, scams accounted for 54% of all cybercrime that Group-IB encountered. That rose to 57% in the first half of 2021, driven in part by the ability of everyday people to launch their own attacks through scam-as-a-service models, in which people buy off-the-shelf tools that let them launch attacks without any prior knowledge of coding.

Phishing too has seen an increase in popularity, going from 16% of all cybercrime in the first six months of 2020 to 17.5% of all cybercrime a year later.

One thing that hasn’t changed much is the geographical distribution of where such phishing attacks are hosted.

The US, Germany and Canada were the top countries hosting phishing websites in H1 2021, according to Group-IB data. Perhaps because of its ubiquity as the de facto reliable gTLD, the United States’s .com accounted for 60% of all phishing sites.

A new scam uncovered

Alongside looking at how scammers have operated in the past, Group-IB tries to identify the latest scams and how they operate. One it has recently found targets users in over 90 countries around the world, including the United States, Canada, South Korea, and Italy. The fraudsters employ the tried-and-tested technique of fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120.

Group-IB estimates that about 10 million people could be losing about $80 million per month to this scam.

Fraudsters trap their victims by distributing invitations to partake in a survey, after which the user would allegedly get a prize.

The “branded survey” page takes a very long time to load because would-be victims are sent through a long chain of redirects, which scammers use to glean as much information about the session as possible, including the country the user is based in, their time zone, language, IP address and browser. The final scam link is customised to a specific user and can be opened only once.
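For defenders, the long redirect chain described above is itself a detectable signal in web proxy logs. The following is an added example, not code from Group-IB or the original article: the record layout, the `.example` hostnames and the thresholds are all assumptions, and the log lines are constructed.

```python
from urllib.parse import urljoin, urlsplit

# Constructed proxy records (not real data): (client, URL, status, Location header)
SAMPLE_LOG = [
    ("10.0.0.5", "http://survey-invite.example/a", 302, "http://hop1.example/r?c=1"),
    ("10.0.0.5", "http://hop1.example/r?c=1", 302, "http://hop2.example/geo"),
    ("10.0.0.9", "http://intranet.example/", 301, "https://intranet.example/"),
    ("10.0.0.5", "http://hop2.example/geo", 302, "/tz"),  # relative Location
    ("10.0.0.9", "https://intranet.example/", 200, None),
    ("10.0.0.5", "http://hop2.example/tz", 302, "http://brand-prize.example/s/9f3k"),
    ("10.0.0.5", "http://brand-prize.example/s/9f3k", 200, None),
]

MAX_HOPS = 3   # assumed threshold: more redirects than this is unusual
MIN_HOSTS = 3  # assumed threshold: chain must cross at least this many hosts

def redirect_chains(records):
    """Rebuild per-client redirect chains by matching each Location to the next request."""
    chains, open_chain = [], {}  # open_chain: client -> (urls so far, expected next URL)
    for client, url, status, location in records:
        chain, expected = open_chain.pop(client, ([], None))
        if url != expected:          # not a continuation: close any abandoned chain
            if chain:
                chains.append((client, chain))
            chain = []
        chain.append(url)
        if 300 <= status < 400 and location:
            # Location may be relative, so resolve it against the current URL
            open_chain[client] = (chain, urljoin(url, location))
        else:
            chains.append((client, chain))
    chains.extend((c, ch) for c, (ch, _) in open_chain.items())  # unfinished chains
    return chains

def suspicious_chains(records, max_hops=MAX_HOPS, min_hosts=MIN_HOSTS):
    """Flag chains with many redirects that also cross several distinct hosts."""
    flagged = []
    for client, chain in redirect_chains(records):
        hops = len(chain) - 1
        hosts = {urlsplit(u).hostname for u in chain}
        if hops > max_hops and len(hosts) >= min_hosts:
            flagged.append({"client": client, "hops": hops,
                            "hosts": len(hosts), "landing": chain[-1]})
    return flagged

if __name__ == "__main__":
    for hit in suspicious_chains(SAMPLE_LOG):
        print(hit)
```

Because the final link is described as single-use, the flagged landing URL is better handled by blocking and by reviewing the proxy record than by revisiting it.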

Users are asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data. The data required usually includes full name, email, postal address, phone number and bank card data, including expiration date and CVV, says Group-IB: all you need to scam someone.

“Just a couple of years ago, online scams were focused on scale: by indiscriminately targeting users, fraudsters tried to ensure that at least someone would take the bite,” says Dmitriy Tiunkin, Group-IB Digital Risk Protection head, Europe. “Over time, as scam awareness was growing, fewer and fewer people fell prey to such schemes, which made it much more difficult for cybercriminals to make money.” This is just the latest example of a hyper-targeted scam fooling individuals.
