News By Group-IB
Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes, has presented a comprehensive analysis of fraud schemes globally and revealed an ongoing large-scale scam campaign targeting the MEA region. Nearly 140 famous brands from over 15 Arab-speaking countries were exploited by scammers who created fake pages with giveaways or prize draws purported to be launched by well-known organizations to steal user personal information and payment data.
The findings, obtained with the help of neural networks and ML-based scorings of Group-IB Digital Risk Protection system, were released as part of Group-IB’s Digital Risk Summit 2021 online conference, which was divided into analytical and technology-related streams. Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.
At the event, Group-IB presented the analysis of a multitude of fraud schemes, uncovered with the help of its patented scammer tracking technology, Scam Intelligence, developed based on the expertise gathered by Group-IB in over a thousand of successfully solved investigations worldwide. The damage these scams cause to industries worldwide was also revealed during the event. It was established that in one year threat actors employed only in one of the fraudulent schemes, which during the pandemic became the most popular one, Classiscam, swindled users out of $9,140 000.
Pandemic one can’t isolate from
Businesses going online and the global pandemic brought about a rapid increase in fraudulent activity, with 40% of all sales today being made through social media.This trend paves the way for growth, not just for businesses but also as regards online fraud. In total, fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntary revealing sensitive data) and 17% are phishing attacks (theft of bank card details). In the Middle East specifically, where Group-IB has just inaugurated its MEA Threat Intelligence & Research Center, scam- and phishing-related violations detected by the company in 2020 grew by 27.5% compared to the previous year.
In the current year, Group-IB DRP analysts continue recording new campaigns targeting the region. At the moment, at least 16 countries in the MEA region, including Egypt, Saudi Arabia, and the United Arab Emirates, are being targeted by scammers who are harvesting user personal and payment data via a multistage scam that exploits at least 138 popular brands.
A typical victim receives a link from friends, through social media, in messenger or comes across an ad in search engines inviting them to participate in a prize draw, promotional offer, or survey conducted by a big name or a celebrity. Attracted by a promise to get a prize, a job offer or a cash reward, the victim follows a link and finds themselves on a page with a survey or an online slot machine branded as a well-known company. On this page, a user is asked to complete a survey or fill out an online form and enter their name, city of residence, phone number, information about their education, and etc.
Regardless of the user’s answers, they become a winner, after which they’re asked to share the link to the survey/giveaway with up to 20 contacts in WhatsApp messenger. After the victim expands the scam surface, they are redirected to other scam resources — new giveaways, dating services or a phishing website or a website on which the user can infect its device with malware. The total monthly audience of web resources used as a final stage of the scam amounted to 500,000.
The majority of brands exploited in the scheme (34.8%) belong to the telecommunications industry, while 10.4% account for public service and 9.6% more for retail. Other industries that are affected by the scheme include entertainment, fast-food, automotive, electronics, oil and gas sectors, and banking and insurance.
To prevent the campaign from being detected by anti-scam systems, cybercriminals registered their fake pages using Blogspot service to make these pages look legitimate to online content filtering algorithms. Since the beginning of this year, Group-IB DRP analysts detected over 4,300 scam pages registered using the service. These pages were created by over a hundred Blogspot accounts, presumably registered by the same group. According to Group-IB Digital Risk Protection system, this scam group has been active for at least 6 years.
The scamdemic will not end: smart monitoring
Many factors have contributed to the global scamdemic, which stands for the influx of online scams during the pandemic on a scale never seen before: a multitude of fraud schemes and their modifications, the automation of most attack stages, the targeting of specific companies and industries, the many possibilities of concealing cybercriminal activity.
On June 10, 2021, Group-IB revealed Scam Intelligence, a fraudster tracking technology that has laid the foundations for Digital Risk Protection, one of the company’s innovative proprietary solutions. In just one year, the system helped save as much as $443 million for companies in the Asia Pacific region, Russia, Europe, and the Middle East by preventing potential damages.
Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry anywhere in the world. An analysis of threat actor activities worldwide by Digital Risk Protection (DRP) helped categorize fraud schemes, with over 100 basic schemes and their modifications detected.
“The scam market is turning into the fastest growing economy in the world, each year, the number of cybercriminals, scams as well as damage caused by them skyrockets,” says Group-IB MEA Director of Business Development Ashraf Koheil. “If you have a well-known brand whether it be a bank, which have been scammers’ favorite for a long time, a consumer goods company or a service provider, it’s just a matter of time when you catch the scammers’ eye.
Organizations just cannot handle this scamdemic with a classic monitoring approach and blocking links individually: the scale of fraudulent activity is increasing and this imposes new requirements for tools designed to fight it. The overarching DRP protection should be capable of detecting all components of the infrastructure created by a scammer and see all the elements relating to them. The scam actor-centric approach enriches the monitoring results and makes the monitoring process more sophisticated and scalable.”
Group-IB’s patented DRP technologies in threat intelligence, which are based on the deep understanding of cybercriminals’ logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally, automated graph analysis, and monitoring of threat actor infrastructures in real time help immediately detect fraudsters’ entire networks and block them, as opposed to handling individual links to phishing and scam resources. All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for the further transfer to lawyers or law enforcement with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization’s resources. Group-IB says it is confident in the level of protection DRP provides and that if a user initiates legal action against a company whose brand has been used in a fraud scheme, Group-IB will cover all the costs.
About Group-IB
Group-IB is a Singapore-based provider of solutions aimed at detection and prevention of cyberattacks and online fraud. The company also specializes in high-profile cyber investigations and digital risk protection. Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC, while its Threat Hunting Framework has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG.
Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was recognized as a Representative Vendor in Gartner’s Market Guide for Digital Forensics and Incident Response Services.
Group-IB was granted Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.
Group-IB’s technological leadership is built on the company’s 18 years of hands-on experience in cybercrime investigations around the world and 65 000 hours of cyber security incident response accumulated in one of the biggest forensic laboratories and a round-the-clock center providing a rapid response to cyber incidents—CERT-GIB. Group-IB is a partner of INTERPOL and Europol, and has been recommended by the OSCE as a cybersecurity solutions provider.
Our mission is to protect our clients in cyberspace daily, leveraging actor-centric innovative solutions & services.
