Digital automation: a cybercriminal’s paradise


Rapid developments in automation mean online con artists can now put together an elaborate scam in just ten minutes, fresh insight from cyber analyst Group-IB warns.

In its annual report assessing and predicting digital risks both past and future, the analyst said threat actors were increasingly profiting from AI-driven programs that can do most of the heavy lifting for them.

“Scammers had to do almost everything manually at first, including finding a suitable ad, communicating with the victim, getting a phone number,” it said. “The only automated task was the creation of phishing pages with the assistance of Telegram bots.”

The past few years have seen automation grow apace across legitimate industries — but unfortunately for businesses and the public alike, this tech phenomenon has been darkly mirrored in the cybercriminal underworld.

“Now scammers gather information from various resources via parsers — the software that automatically collects suitable ads, finds the seller’s phone number, and then, using the auto-link, sends them a WhatsApp message,” said Group-IB.

“The threat actor only needs to lure the victim onto the phishing site, arrange payment to an e-wallet through the bot, and receive money.”

Group-IB claims that the rise in automation across industries from one-fifth of tasks to four-fifths in a handful of years means that scams that previously would have taken a digital crook days to prepare can now be accomplished, from start to finish, in just ten minutes.

"Scammers' interest in brands from developing countries has grown rapidly."

Group-IB on how cyber con artists are targeting victims from further afield than before

Poorer countries in the crosshairs

What’s more, the analyst expects this trend to continue accelerating, as con artists increasingly target the developing world using fake branding to lure victims.

“Attackers already use third-party or self-written scripts, bots, and software to scale their criminal schemes,” it said. “Increased automation will lead to an increase in the number of fraudulent resources and victims.”

The average amount of “scam resources” devoted to a genuine brand leapt by 211% year-on-year from 2011 to 2012 in the Asia Pacific region, with the Middle East and Africa seeing substantial rises (135%) too.

By contrast, the wealthier European region saw a less marked rise (74%) over the same period.

“Although cybercrime is rising in all regions, scammers’ interest in brands from developing countries has grown rapidly,” said Group-IB, adding that this trend had been driven by “significant growth” in the number of fake social media accounts created by scammers in the global south.

Group-IB believes the key reason behind this rise is the relative simplicity of such scams — again suggesting that online con artistry is yielding ever lower-hanging fruit for cybercriminals.

“Such scams negate the need for technical skills, investments in infrastructure, or the purchase of phishing and scam kits,” said Group-IB.

Crooks empowered by tech

That isn’t to say that web-based scams are simple in nature — rather, Group-IB suggests, it means that emerging digital technologies are helping ordinary indecent criminals to attain a masterclass level more easily.

“Scam campaigns are not only having a greater quantitative impact when it comes to the number of brands they are targeting. Schemes are now more complex, and more convincing to prospective victims,” said Group-IB.

“In order to evade counteraction, ensure the viability of the scheme, and introduce scale, scammers are now using a huge number of domains and social media accounts,” it added.

Examples of such campaigns it observed in the past year included spoofing or impersonation of the FIFA World Cup 2022, which encompassed a staggering 16,000 bogus sites featuring fake surveys, tickets, merchandise, and jobs.

A fabricated HR recruitment campaign, targeting victims in the Middle East, boasted more than 2,400 dummy Facebook pages ripping off more than a dozen legitimate companies to promote job vacancies that did not exist.

And a fake “airlines campaign” — also uncovered by Group-IB last year but believed to have begun in 2014 — featured 30 bogus websites that were visited 120,000 times a month in total. The net result, the analyst claims, was an estimated $2 billion stolen from victims during that timeframe.

"Scammers are increasingly hacking into verified accounts and acting on their behalf."

Digital fraudsters see less reason to create fake branded accounts when they can just hijack the real thing

Don’t create — just steal

Another interesting, if disturbing, trend noted by the analyst is the growing tendency of cybercriminals to dispense with creating phony branded accounts — because why go to all that trouble when you can simply hijack the real thing?

“Fraudsters have long impersonated well-known brands or reputable personalities to increase the credibility of their scams,” said Group-IB. “The main tactic used is fake account creation. However, scammers are increasingly hacking into verified accounts and acting on their behalf.”

Describing cyber scammers nowadays as on the “hunt for pages belonging to specific people or brands,” it added: “As old schemes and techniques lose their effectiveness over time, attackers are constantly coming up with new ways to deceive victims.”

One idiosyncratic example of this, targeting people in the Asia Pacific, was a Google Maps scam where fraudsters posted misleading texts, videos, and photos containing fake customer service numbers — again purposed to lure a victim into making contact with a crook unawares.

“Victims then use these contacts when they attempt to reach out to [fake] customer service departments of legitimate businesses via WhatsApp chat,” said Group-IB. “The scammers ask the victims to provide personally identifiable information (PII) and account credentials.”

It’s time to start spying on Telegram

To help mitigate these threats, Group-IB recommends that corporate cybersecurity teams infiltrate cybercriminal rings on their Telegram channels wherever possible.

“Be present in cybercriminal groups, especially those on the Telegram messaging platform, to conduct reconnaissance and learn about impending attacks,” it said.

It also advises defensive teams to cast their nets wider, monitoring a company’s brand or intellectual property on the wider web to check for any anomalies that might suggest these are being misused.

“Watch all threat vectors, not only traditional cyberattacks using phishing or malware,” it said. “Check user messages and opinions outside the company's perimeter. Track your brand perception online and pay attention to any unexpected changes.”

Finally, Group-IB urges potential targets to be ever vigilant of innovations in tech that could be leveraged by cybercriminals in future attacks.

“Keep an eye on new opportunities that could be exploited in an attack,” it said. “Monitor emerging technologies, such as deepfakes and other AI-enabled services.”


More from Cybernews:

China hackers enter government email accounts through Microsoft

Breach of PBI exposes details of 370K+ people

Apple pulls spyware patch, security analysts baffled

Solana heist suspect to stand trial in New York

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked