Cyber threat intelligence Group-IB identifies scams as most widespread cyber threat in the world
Group-IB, one of the global leaders in cybersecurity, shares its analysis of the landscape of the most widespread cyber threat in the world: scams.
During the Digital Risk Summit 2022 online conference, which was divided into analytical and technology-related streams, Group-IB shared the findings of its research into various scam schemes obtained with the help of neural networks and ML-based scoring systems incorporated in the Group-IB Digital Risk Protection, a platform designed to mitigate external digital risks to intellectual property and brand identity. Conference participants included the United Nations International Computing Centre (UNICC), Scamadviser (a global independent project), Ebank (Egypt), etc.
Scam “almighty”
With more and more Internet users falling victim to cybercrime every day, fraudsters prefer good old techniques such as phishing (18%), scams and fraud (57%), and malware infections and reputational attacks (25%). In 2021, scams were the most common type of cybercrime.
The number of brand-impersonating scam resources created per month also increased. In the Middle East, the Asia Pacific, and Europe, Group-IB analysts noted an increase of 150%, 83%, and 89%, respectively.
Following hacker groups successfully attacking business and government organizations worldwide, scammers have adopted their methods to improve their schemes and organized criminal gangs now make use of SaaS (Scam-as-a-Service). “A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly, technically skilled villains,” says Ilia Rozhnov, Head of Digital Risk Protection team in APAC at Group-IB.
In 2021, Group-IB’s AI-based platform identified between 75 to 110 scam groups with an average of 10 members last year, and he found that the average number of scam links per group reached 100 with the help of SaaS. The DRP system also tracked that the number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group, with scam links ranging from 2,000 and 3,000.
Do you like traffic like scammers do?
The number of websites used for purchasing and providing “gray” and illegal traffic increased by 1.5 times. Scammers refused to create and maintain their own resources. Their task was only to attract traffic to third-party resources owned by other scammers for a fee when the theft of money was successful.
“Scammers now attract specific groups of victims to increase conversion rates. The only platform for selling “gray” and illegal traffic earns on average $2,758 per week from one offer to sell illegal traffic,” Rozhnov added. “The statistics relating to grey and illegal traffic on one platform, which was taken as an example by Group-IB DRP analysts, showed that India, US, and Vietnam are the main countries where the platform is distributed.”
Group-IB experts noted a strong trend toward improved URL targeting: a valid one-off URL available strictly for a particular user at a specific moment in time targeted at a specific audience. Personalized URLs usually include not only a timestamp and hash but also geolocation information, the OS version, the browser type, and the name of the Internet provider. There was also no weak content personalization. Fraudsters used improved content personalization with auto-completed web forms on a page with a user’s personal data extracted from browser cookies.
Hey, username, let’s talk.
Digitalization is the main global trend, and the increased number of Internet users of up to 4.95 billion in 2021 contributed to the prevalence of scams. The reasons for using social media are simple: to inspire trust and to take advantage of social media services being insufficiently moderated.
According to the Group-IB Digital Risk Protection team’s findings, social media became the number one channel for distributing scams in the Asia Pacific region, with 75.4% of all scams analyzed by Group-IB observed in social media. Instagram turned out to be the scammers’ favorite platform in APAC.
Meanwhile, brand impersonation scams on social media are gaining momentum as legitimate companies more often interact with their customers via this channel.
In 2021, the share of social media as the major channel for scammers in the Asia-Pacific was growing up until Q4. Group-IB experts believe the decrease was primarily due to the growing awareness of scammers’ tactics on social media. However, scammers are quick in adapting and improving their tactics and schemes. Group-IB experts believe that share of social media scams will keep growing in 2022.
The trends identified by Group-IB experts were also confirmed by the company’s partners who took part in the Summit. Jorij Abraham, General Manager at Global Anti-Scam Alliance & Scamadviser, said that scammers were quickly becoming more and more professional and that the number of reported scams had increased from 139 to 266 million (93%).
The growing hype for metaverses also led Group-IB DRP analysts to expect the number of scams in metaverses to increase, and the same situation applies to cryptocurrencies and NFTs, where scams are already prevalent, with deepfakes and voicefakes likely to be among the most common scam methods. Experts predict that de-anonymization tools will be used for blackmailing and victim personalization.
Special scams for special days
Scammers continued using special days and situations as occasions for fraud: Black Friday, government schemes, Health Day offers, and so on. Moreover, HR, along with investment funds, was one of the main scam topics, with more than 150 (per month) fraudulent pages connected to searching for work created between October and December 2021.
In many cases, popular brands and celebrities were used to attract victims, and the method still works well. Due to the global health situation, Covid-19 scams increased, especially regarding fraudulent vaccines and Covid certificates.
