Security MEA in a discussion with Ashraf Koheil, Group-IB Middle East & Africa Director of Business Development, on Group-IB’s comprehensive analysis of scam schemes.
What was the major finding of Group-IB’s comprehensive analysis of scam schemes? Elaborate.
Scams rank at the top of all online crime. In the Middle East, scam- and phishing-related violations detected by Group-IB in 2020 grew by 27.5% compared to the previous year. The pandemic brought a rapid increase in fraudulent activity, with 40% of all sales today being made through social media. This trend paves the way for growth, not just for businesses but also as regards online fraud. In total, fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntarily revealing sensitive data), and 17% are phishing attacks (theft of bank card details), according to Group-IB data.
We have a dedicated unit called Digital Risk Protection (DRP) tasked with monitoring and blocking different scams that involve brand abuse. In the Middle East, where Group-IB has just inaugurated its MEA Threat Intelligence & Research Center, we’ve detected an ongoing large-scale scam campaign exploiting nearly 140 famous brands from over 15 Arab-speaking countries.
Globally, we’ve seen more than 70 scam groups that were implicated in one of the international fraudulent schemes using a Scam-as-a-Service model coined “Classiscam.” While this operation originated in 2019 and only targeted Russian-speaking online marketplace users, it has expanded exponentially into a global cyber pandemic that saw its peak in 2020.
Elaborate on the working model of scammer tracking technology, Scam Intelligence and the role played by it in this analysis.
Our Digital Risk Protection (DRP) platform has been instrumental in analyzing this high-scale scam scheme. Attribution to specific Classiscam actor groups was possible thanks to Scam Intelligence’s proprietary technology, which laid the Digital Risk Protection platform foundations. In just one year, the system helped save as much as $443 million for companies in the Asia Pacific, Russia, Europe, and the Middle East by preventing potential damages.
Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry anywhere in the world. An analysis of threat actor activities worldwide by Digital Risk Protection (DRP) helped categorize fraud schemes, with over 100 basic schemes and their modifications detected.
Our platform leverages machine learning and AI to detect violations in an early manner. Through the 24/7 monitoring of millions of resources, including domain names, app stores, contextual advertising, and social media, the DRP platform allows for the early identification of potential threat actors. At least 85% of violations are eliminated through the platform. Group-IB can block the phishing and scams which are detected on a priority basis. This platform has allowed us to identify the reach, extent of damage, and specificities of this scam scheme.
What role has the pandemic played in the fraudulent scams?
As the pandemic forced individuals and businesses alike to become reliant on online connectivity, this has led to the inevitable increase in scams. Many companies have turned out to be unprepared for the online transformation regarding how mature their cybersecurity and digital asset protection processes are.
Data breaches have skyrocketed during the pandemic, which exposed vast amounts of personal data about users. Scammers quickly figured out how to use this information to their advantage, which has given rise to targeted, personalized scams in the form of calls, SMS marketing, robocalls, and ads impersonating brands.
People have always been susceptible to social engineering, given that we are prone to acting on our emotions. The pandemic has fueled our fears and uncertainties even further. Scams thrive on news about COVID-19. Scam actors adjust to the population’s growing demands for health and safety essentials, including masks, gloves, and protective kits during a time of lockdown. The combination of these factors created a perfect storm for the scamdemic.
Give insights into the UAE statistics and which are the major sectors under attack.
The UAE’s brands exploited by the scammers constituted 10.2% of all brands impersonated by the scammers in the scheme within the Middle East, ranking third, following Saudi Arabia in first place and Jordan in second.
These scams happen once a victim receives a link from friends, through social media, in messenger, or comes across an ad in search engines inviting them to participate in a prize draw, promotional offer, or survey conducted by a big name or a celebrity. The victim follows a link and finds themselves on a page with a survey or an online slot machine branded as a well-known company. On this page, a user is asked to complete a survey or fill out an online form and enter their name, city of residence, phone number, information about their education, etc. Regardless of the user’s answers, they become a winner, after which they’re asked to share the link to the survey/giveaway with up to 20 contacts in WhatsApp messenger. After the victim expands the scam surface, they are redirected to other scam resources — new giveaways, dating services, a phishing website, or a website on which the user can infect their device with malware. The total monthly audience of web resources used as a final stage of the scam amounted to 500,000.
The majority of brands that were abused in the scheme (34.8%) belong to the telecommunications industry, while 10.4% account for online public services and 9.6% more for retail. Other sectors affected by the scheme include entertainment, fast food, automotive, electronics, oil and gas sectors, and banking and insurance.
How is Group-IB playing a role in aiding its customers from scams in the Middle East?
If you have a well-known brand, whether it be a bank, a scammers’ favorite for a long time, a consumer goods company, or a service provider, it’s just a matter of time before you catch the scammers’ eye. Organizations cannot handle this scamdemic with a classic monitoring approach and blocking links individually: the scale of fraudulent activity is increasing, which imposes new requirements for tools designed to fight it. The overarching DRP protection should detect all components of the infrastructure created by a scammer and see all the elements relating to them. The scam actor-centric approach enriches the monitoring results and makes the monitoring process more sophisticated and scalable.
The Middle East and Africa Threat Intelligence & Research Center, a new addition to our artillery, will provide us with the regional insight needed to protect the MEA region better. We aim to do this thanks to our battle-tested analysts and experts who carried out more than 1,200 successful investigations over 18 years worldwide, enriching Group-IB’s technology ecosystem with a first-hand understanding of intrusion tactics used in the most sophisticated cyberattacks.