Technology and its advancements, including greater and broader internet accessibility accounts for higher scam rates
Scams and phishing remain two of the most alarming and dangerous ways in which cybercriminals can gain insight into people’s lives. It’s an indication of how far up the Russian cybersecurity firm Group-IB has called it an “online fraud epidemic” – an indication of its pervasiveness and risk to common users.
It’s scale is equally concerned with cybersleuths. More than 14,000 phishing resources were blocked by Group-IB in the first six months of 2021, an indication of how widespread their use and deployment is in the online world. These phishing resources were hosted on 12,000 unique domains – with about one in five websites being hosted on compromised legitimate resources.
According to Group-IB, this all-encompassing, easily accessible scam network is changing the types of people who handle such scams. “The popularity of the fraud model as a service has led to an increase in the scale of fraud at a global level and a lower entry threshold for novice scammers who do not have the real fraud skills,” they say.
Scams increasing in popularity
In the first half of 2020, scams accounted for 54% of all cybercrime that Group-IB has encountered. That has increased to 57% in the first half of 2021 based on the ability of some common folks to launch their own attacks through scam-as-a-service models where people buy off-the-shelf tools that allow them to allow to project attacks into the wild without prior coding knowledge.
Phishing too has seen an increase in popularity, going from 16% of all cybercrime in the first six months of 2020 to 17.5% of all cybercrime a year later.
One thing that hasn’t changed much is the geographic distribution from which such phishing attacks are hosted.
According to Group IB data, in the first half of 2021 the United States, Germany and Canada were the largest countries hosting phishing sites.
Perhaps because of its ubiquity as a de facto reliable gTLD, the American .com domain accounted for 60% of all phishing sites.
New scam discovered
In addition to looking at how fraudsters have operated in the past, Group-IB endeavors to identify the latest scams and how they operate. One they recently found targets users in over 90 countries around the world, including the United States, Canada, South Korea, and Italy.
The fraudsters employ the tried and tested technique with fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120.
Group-IB estimates that around 10 million people could lose about $80 million a month to this scam
Scammers catch their victims by sending out invitations to take part in the survey, after which the user will allegedly receive a prize.
Downloading the “branded survey” page takes a long time because potential victims are in a long chain of redirects, which the scammers use to gather as much information as possible about their session, including the country they are in, their time zone , language, IP and browser. The final scam link is customised for a specific user and can only be opened once.
Users are invited to answer the questions to receive a prize from a well-known brand and to fill out a form asking for their personal data. Required data usually includes your full name, email, mailing address, telephone number, credit card information including expiration date and CVV, Group-IB states – anything that it is used to scam someone.
“Over time, as scam awareness was growing, fewer and fewer people fell prey to such schemes, which made it much more difficult for cybercriminals to make money.” This is just the latest example of a hyper-targeted scam fooling individuals.
“Just a couple of years ago, online scams were focused on scale: by indiscriminately targeting users, fraudsters tried to ensure that at least someone would take the bite,” says Dmitriy Tiunkin, Group-IB Digital Risk Protection head, Europe.
Fraud has the potential to disrupt society in multiple ways, by psychologically impacting individuals, undermining the viability of businesses, putting pressure on public services, fuelling organised crime and funding terrorism
Cybercrime takes numerous forms, including identity theft, digital scams, hacking, online fraud, and phishing