Group-IB presents comprehensive analysis of fraud schemes

Group-IB has presented a comprehensive analysis of fraud schemes globally and revealed an ongoing large-scale scam campaign targeting the MEA region. Nearly 140 famous brands from over 15 Arabic-speaking countries were exploited by scammers, who created fake pages with giveaways or prize draws purportedly launched by well-known organizations in order to steal users' personal information and payment data.

The findings, obtained with the help of the neural networks and ML-based scoring of Group-IB's Digital Risk Protection system, were released as part of Group-IB's Digital Risk Summit 2021 online conference, which was divided into analytical and technology-related streams. Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.

At the event, Group-IB presented its analysis of a multitude of fraud schemes uncovered with the help of its patented scammer tracking technology, Scam Intelligence, which was developed based on the expertise Group-IB gathered in over a thousand successfully solved investigations worldwide. The damage these scams cause to industries worldwide was also revealed during the event. It was established that, in one year, threat actors involved in just one of the fraudulent schemes, Classiscam, which became the most popular scheme during the pandemic, swindled users out of $9,140,000.

A pandemic one can't isolate from
Businesses going online and the global pandemic brought about a rapid increase in fraudulent activity, with 40% of all sales today being made through social media.[1] This trend paves the way for growth, not just for businesses but also for online fraud. In total, fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntarily revealing sensitive data) and 17% are phishing attacks (theft of bank card details).

In the Middle East specifically, where Group-IB has just inaugurated its MEA Threat Intelligence & Research Center, scam- and phishing-related violations detected by the company in 2020 grew by 27.5% compared to the previous year. In the current year, Group-IB DRP analysts continue to record new campaigns targeting the region. At the moment, at least 16 countries in the MEA region, including Egypt, Saudi Arabia, and the United Arab Emirates, are being targeted by scammers who are harvesting users' personal and payment data via a multistage scam that exploits at least 138 popular brands.

A typical victim receives a link from friends, through social media or in a messenger, or comes across an ad in search engines inviting them to participate in a prize draw, promotional offer, or survey conducted by a big name or a celebrity. Attracted by the promise of a prize, a job offer or a cash reward, the victim follows the link and finds themselves on a page with a survey or an online slot machine branded as a well-known company. On this page, the user is asked to complete a survey or fill out an online form and enter their name, city of residence, phone number, information about their education, etc. Regardless of the user's answers, they become a winner, after which they are asked to share the link to the survey/giveaway with up to 20 contacts in WhatsApp messenger. After the victim has expanded the scam surface in this way, they are redirected to other scam resources: new giveaways, dating services, a phishing website, or a website where the user's device can be infected with malware. The total monthly audience of web resources used as a final stage of the scam amounted to 500,000.

The majority of brands exploited in the scheme (34.8%) belong to the telecommunications industry, while public service accounts for 10.4% and retail for a further 9.6%. Other industries affected by the scheme include entertainment, fast food, automotive, electronics, oil and gas, and banking and insurance.

The scammers don't only exploit well-known brands, but also infringe on the personal brands of famous individuals. In Saudi Arabia specifically, scammers promoted cash giveaways using images of the Saudi royal family, who had allegedly decided to fulfill a person's dreams by granting them a check worth $100,000. To get the reward, the user is asked to enter their bank card data.

To prevent the campaign from being detected by anti-scam systems, the cybercriminals registered their fake pages using the Blogspot service to make these pages look legitimate to online content filtering algorithms. Since the beginning of this year, Group-IB DRP analysts have detected over 4,300 scam pages registered using the service. These pages were created by over a hundred Blogspot accounts, presumably registered by the same group. According to the Group-IB Digital Risk Protection system, this scam group has been active for at least 6 years.

The scamdemic will not end: smart monitoring
Many factors have contributed to the global scamdemic, a term for the influx of online scams during the pandemic on a scale never seen before: a multitude of fraud schemes and their modifications, the automation of most attack stages, the targeting of specific companies and industries, and the many possibilities for concealing cybercriminal activity.

Today, on June 10, 2021, Group-IB revealed Scam Intelligence, a fraudster tracking technology that has laid the foundations for Digital Risk Protection, one of the company’s innovative proprietary solutions. In just one year, the system helped save as much as $443 million for companies in the Asia Pacific region, Russia, Europe, and the Middle East by preventing potential damages.

Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry anywhere in the world. An analysis of threat actor activities worldwide by Digital Risk Protection (DRP) helped categorize fraud schemes, with over 100 basic schemes and their modifications detected.

“The scam market is turning into the fastest growing economy in the world. Each year, the number of cybercriminals and scams, as well as the damage caused by them, skyrockets,” says Group-IB MEA Director of Business Development Ashraf Koheil. “If you have a well-known brand, whether it be a bank, which has been scammers’ favorite for a long time, a consumer goods company or a service provider, it’s just a matter of time before you catch the scammers’ eye. Organizations just cannot handle this scamdemic with a classic monitoring approach and blocking links individually: the scale of fraudulent activity is increasing and this imposes new requirements for tools designed to fight it. The overarching DRP protection should be capable of detecting all components of the infrastructure created by a scammer and seeing all the elements relating to them. The scam actor-centric approach enriches the monitoring results and makes the monitoring process more sophisticated and scalable.”

Group-IB’s patented DRP technologies in threat intelligence are based on the deep understanding of cybercriminals’ logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally. Together with automated graph analysis and real-time monitoring of threat actor infrastructures, they help immediately detect fraudsters’ entire networks and block them, as opposed to handling individual links to phishing and scam resources.

All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for further transfer to lawyers or law enforcement, with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization’s resources. Group-IB says it is confident in the level of protection DRP provides and that if a user initiates legal action against a company whose brand has been used in a fraud scheme, Group-IB will cover all the costs.