Dubai — Group-IB, one of the global cybersecurity leaders, has uncovered a worldwide scam campaign targeting users in over 90 countries all around the world, including the UAE, Oman, and Qatar. The fraudsters employ the tried and tested technique with fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120. The new wave of the scam is particularly persistent thanks to an innovation in the scammers’ toolset — targeted links, which makes investigating and tackling such attacks increasingly challenging.
The potential victim pool of a single scam network is estimated at about 10 million people, while the potential damage totaled about $80 million per month, according to Group-IB’s Digital Risk Protection unit.
Personal customer service
Fraudsters trap their victims by distributing invitations to partake in survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For “lead generation,” the threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications. To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cybercriminals to display different content to different users, based on certain user parameters.
But this destination “branded survey” page takes very long to download. This is because the victims find themselves in a long chain of redirects, during which scammers gather information about their session, including country, time zone, language, IP, browser, and etc. The content on the final page will be determined based on what was learned about the user and tailored as much as possible to their possible interests. The final scam link is customized to a specific user and can be opened only once. This complicates the detection of such links, which inevitably leads to the scam’s longer life cycle, and hampers the takedown and investigations.
At the final stage, the user is asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data, which is allegedly needed to receive the prize. The data required usually includes the full name, email, postal address, phone number, bank card data, including expiration date and CVV.
An example of a scam page targeting English-speaking users
Fraudsters can use the data stolen to buy goods online, register fake user accounts on any online resources or simply sell the personal information on the dark web. Apart from revealing their data, users are sometimes asked to pay a tax or a test payment to receive the prize.
Scam’s scale: geography and victims
According to Group-IB DRP analysts, this type of fraud has been spotted in 91 countries, with cybercriminals exploiting at least 121 brands as bait. Based on the country of origin of the brands affected, the scam’s target regions are: Europe (36.3%), Africa (24.2%), and Asia (23.1%). In the Middle East alone, cybercriminals exploited 9 brands from Bahrain, Qatar, Oman, Kuwait and the UAE. Globally, cybercriminals mostly try to exploit the brands of leading telecommunications companies, which enjoy special “love” in this scheme, and make up more than 50% of the total number of brands exploited, followed by ecommerce and retail.
Group-IB analysts have detected at least 60 different scam networks that operate targeted links. On average, each of them contains over 70 domain names. One of the largest networks in terms of traffic attracted contained over 50 domain names. Judging from the number of visitors, scammers’ potential victim pool on this network alone totals 10 million people. Group-IB experts estimate the damage at $80 million per month, based on the number of sites detected, their minimum conversion, and an average money loss on a scam website. For each specific website that hosts fraudulent content, Group-IB team was able to analyze where the visitors came from. The main sources of traffic for targeted links operators are India (42.2%), Thailand (7%), and Indonesia (4.4%), among others.
“Just a couple of years ago, online scams were focused on scale: by indiscriminately targeting users, fraudsters tried to ensure that at least someone would take the bite,” comments Ashraf Koheil, Director of Business Development, Middle East & Africa at Group-IB. “Over time, as scam awareness was growing, fewer and fewer people fell prey to such scheme, which made it much more difficult for cybercriminals to make money. They started to explore new ways that would meet their financial ambitions. This triggered the scamdemic and the diversity of various fraudulent schemes that we observe today. The variety of scams observed globally today in described in detail in our annual Hi-Tech Crime Trends 2021/2022 report ‘Scams and Phishing’.”
Group-IB is one of the leading solutions providers dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).
Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection, an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.
Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is an active collaborator in global investigations led by international law enforcement organizations, such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security created in order to foster closer cooperation between Europol and its leading non-law enforcement partners.
Group-IB's experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.