Group-IB, one of the global leaders in cybersecurity, today shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to SaaS (Scam-as-a-Service), in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100. Traffic has become the circulatory system of scam projects: Group-IB researchers emphasize that the number of websites used for purchasing and providing “gray” and illegal traffic and that lure victims into fraudulent schemes has increased by 1.5 times. Scammers are going into 2022 on a new level of scam attack automation: no more non-targeted users. Scammers are now attracting specific groups of victims to increase conversion rates. Social media are more often becoming the first point of contact between scammers and their potential victims.
During the Digital Risk Summit 2022 online conference, which was divided into analytical and technology-related streams, Group-IB shared the findings of its research into various scam schemes, obtained with the help of neural networks and ML-based scoring systems incorporated in the Group-IB Digital Risk Protection platform, which is designed to mitigate external digital risks to intellectual property and brand identity. Conference participants included the United Nations International Computing Centre (UNICC), Scamadviser (a global independent project), Ebank (Egypt), etc.
With more and more Internet users falling victim to cybercrime every day, fraudsters prefer good old techniques such as phishing (18%), scams and fraud (57%), and malware infections and reputational attacks (25%). In 2021, scams were the most common type of cybercrime.
The number of brand-impersonating scam resources created per month also increased. In the Middle East, Asia Pacific, and Europe, Group-IB analysts noted an increase of 150%, 83%, and 89% respectively.
Following hacker groups successfully attacking business and government organizations worldwide, scammers have adopted their methods to improve their schemes. Chaotic loners attract organized criminal gangs with SaaS (Scam-as-a-Service). “A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly technically skilled villains,” says Ilia Rozhnov, Head of Digital Risk Protection team in APAC at Group-IB. “Group-IB’s AI-based platform identified somewhere between 75 and 110 scam groups last year, and the average number of cybercriminals per group was 10 members. The average number of scam links per group reached 100. SaaS helped grow not only fraudsters’ appetites, but also the industry itself. In 2021 our DRP system tracked 350 groups, reaching up to 390 scam groups at the peak time. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, their infrastructure has grown proportionally: the average number of scam links per group was between 2,000 and 3,000”.
Do you like traffic like scammers do?
The number of websites used for purchasing and providing “gray” and illegal traffic increased by 1.5 times. Scammers stopped creating and maintaining their own resources. Their only task was to attract traffic to third-party resources owned by other scammers, for a fee paid when the theft of money was successful.
“Scammers are now focused on attracting targeted traffic. In the past, their schemes were aimed at unsuitable users who were brought to a fraudulent resource, but since 2021 the strategy has changed drastically. Scammers now attract specific groups of victims to increase conversion rates. The only platform for selling “gray” and illegal traffic earns on average $2,758 per week from one offer to sell illegal traffic,” Mr Rozhnov added. “The statistics relating to grey and illegal traffic on one platform, which was taken as an example by Group-IB DRP analysts, showed that India, US and Vietnam are the main countries where the platform is distributed.”
Weak URL targeting was no longer in use. Group-IB experts noted a strong trend towards improved URL targeting: a one-off URL, valid strictly for a particular user at a specific moment in time and aimed at a specific audience. Personalized URLs usually include not only a timestamp and hash, but also geolocation information, the OS version, the browser type, and the name of the Internet provider. Weak content personalization was no longer in use either. Fraudsters used improved content personalization, with web forms on the page auto-completed with the user’s personal data extracted from browser cookies.
Hey, username, let’s talk
Digitalization is the main global trend. Scams are no exception, and the increase in the number of Internet users to 4.95 billion in 2021 contributed to this. Moreover, the number of social media users and unique mobile phone users has also grown and has reached 4.62 billion (+10% compared to 2020). In 2021, 48.15% of scam schemes started with an active dialogue with the victim, experts concluded. There was also a trend to simplify scam end-pages, with scammers actively shifting towards spreading scam proposals via legitimate platforms such as Facebook and Instagram. The reasons for using social media are simple. First, it’s the best way to inspire trust. Second, social media services are insufficiently moderated.
In the Asia Pacific region, according to Group-IB Digital Risk Protection team’s findings, social media became the number one channel for distribution of scams – 75.4% of all scams analyzed by Group-IB were observed in social media. Instagram turned out to be the scammers’ favorite platform in APAC.
Brand impersonation scams on social media are gaining momentum as legitimate companies more often interact with their customers via this channel. Another driving force is the overall increase in the number of social media users in APAC in 2021.
In 2021, the share of social media as the major channel for scammers in the Asia-Pacific grew throughout the year up until Q4. Group-IB experts believe the decrease was primarily due to the growing awareness of scammers’ tactics on social media. However, scammers are quick to adapt and improve their tactics and schemes. Group-IB experts believe that the share of social media scams will keep growing in 2022.
The trends identified by Group-IB experts were also confirmed by the company’s partners that also took part in the Summit. Jorij Abraham, General Manager at Global Anti-Scam Alliance & Scamadviser, said that scammers were quickly becoming more and more professional and that the number of reported scams had increased from 139 to 266 million (93%).
“The number of cybercrimes is growing every year. We must stay ahead of scammers. To do so, anyone involved in the cybersecurity market must share their knowledge and data with each other. Only in this way will we be able to win,” says Jorij Abraham of Global Anti-Scam Alliance & Scamadviser. “With the appearance of more data and new technologies such as deepfakes, scams have become very difficult to identify.”
Public hype around metaverses has been growing worldwide, so Group-IB DRP analysts expect the number of scams in metaverses to increase. The same applies to cryptocurrencies and NFTs, where scams are already highly popular. The use of deepfakes and voicefakes will also increase; they are among the most common scam methods. Experts predict that de-anonymization tools will be used for blackmailing and victim personalization.
Special scams for special days
Scammers continued using special days and situations as occasions for fraud: Black Friday, government schemes, Health Day offers, and so on. Moreover, HR was one of the main scam topics: more than 150 fraudulent pages per month related to job searches were created between October and December 2021. Investment fund scams were also highly popular in 2021: for example, one group caused $66.2 million in damages in the APAC region.
In many cases, popular brands and celebrities were used to attract victims, and the method still works well. Due to the global health situation, the number of Covid-19 scams increased, especially relating to fraudulent vaccines and Covid certificates. More than 7.5 million subscribers for groups providing fake Covid-related documents were found.
Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).
Group-IB’s Threat Intelligence & Attribution system has been named one of the best in its class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (formerly known as TDS), intended for proactively searching for and protecting against complex and previously unknown cyberthreats, has been recognized as one of the market leaders in the Network Detection and Response category by KuppingerCole Analysts AG, the leading European analyst agency, while Group-IB itself has been recognized as a Product Leader and an Innovation Leader. Gartner has named Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for Digital Risk Protection (DRP), an AI-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks, with the company’s patented technologies at its core. Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading Forensic Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.
Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.
Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.