
“For you only”: Scammers’ new targeted tools deployed in over 90 countries

Scammers target victims through personalised links and tailored messages.

“For you only” targets individuals the world over and leverages global brand awareness.

Group-IB has discovered a global scam campaign targeting users in over 90 countries all around the world, including the UAE, Oman, and Qatar.

The scammers employ fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with over 120 prominent companies being impersonated. The new wave of this established scam is particularly persistent thanks to targeted links, which make investigating and tackling such attacks increasingly challenging.

The potential victim pool of a single scam network is estimated at about 10 million people, while the potential damage totaled about $80 million per month, according to Group-IB’s Digital Risk Protection unit.

Personalised lures

The scammers distribute invitations to partake in a survey, for which the user is told they will receive a prize. Each offer contains a link leading to the survey website. For “lead generation,” the threat actors use a range of legitimate digital marketing techniques: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications. After clicking the targeted link, the victim is passed through traffic cloaking, which enables the cybercriminals to display different content to different users based on certain user parameters.

The destination “branded survey” page takes a very long time to load, because the scammers use redirects and other techniques to gather information about the user. The content on the final page is determined by whatever data the scammers were able to harvest during the loading process. The final scam link is customized to the user and can be opened only once. This complicates the detection of such links, which inevitably lengthens the scam’s life cycle and hampers takedown and investigation.

Finally, the user is asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data, which the scammers claim is needed to receive the prize. The data required usually includes the full name, email, postal address, phone number, and bank card data, including expiration date and CVV. The scammers can then use the data to buy goods online or sell it on to other cybercriminals. Victims are also often asked to pay a fee to claim their ‘prize’.

Geography and victim pool

According to Group-IB, this type of fraud has been spotted in 91 countries, with cybercriminals exploiting at least 121 brands. Based on the country of origin of the brands affected, the scam’s target regions are Europe (36.3%), Africa (24.2%), and Asia (23.1%). In the Middle East alone, cybercriminals exploited nine brands from Bahrain, Qatar, Oman, Kuwait and the UAE. Globally, telecommunications companies make up more than 50% of the total number of brands exploited, followed by ecommerce and retail brands.

Judging from the number of visitors, the scammers’ potential victim pool on one sample network totaled 10 million people. Group-IB experts estimate the damage at $80 million per month, based on the number of sites detected, their minimum conversion, and the average money loss on a scam website.

“Just a couple of years ago, online scams were focused on scale: by indiscriminately targeting users, fraudsters tried to ensure that at least someone would take the bite,” said Ashraf Koheil, Director of Business Development, Middle East and Africa at Group-IB. “Over time, as scam awareness was growing, fewer and fewer people fell prey to such schemes, which made it much more difficult for cybercriminals to make money. They started to explore new ways that would meet their financial ambitions. This triggered the scamdemic and the diversity of various fraudulent schemes that we observe today.”

Group-IB founder Dmitry Volkov spoke about security threats and hybrid work trends at GISEC 2021.