Group-IB has shared its analysis of the landscape of the world’s most prevalent cyber threat: scams.
The scam industry is becoming more structured and involves more and more parties divided into hierarchical groups, accounting for 57% of all financially motivated cybercrime.
The number of such groups has risen to a record high of 390, which is 3.5 times higher than the maximum number of active groups last year, which was close to 110. The monthly creation of brand-impersonating scam resources has also increased.
Group-IB analysts observed a 150% increase in the Middle East and Africa region.
This is higher than the increases in the Asia-Pacific region (83%) and Europe (89%). Because of SaaS (Scam-as-a-Service), the number of cybercriminals in one scam gang increased tenfold from 2020 to 2021, reaching 100.
Group-IB presented the findings of its research into various scam schemes at the Digital Risk Summit 2022 online conference, which was divided into analytical and technology-related streams. The results were obtained using neural networks and ML-based scoring systems built into the Group-IB Digital Risk Protection platform. Participants at the conference included the United Nations International Computing Centre (UNICC), Scamadviser (a global independent project), Ebank (Egypt), and others.
With more Internet users falling victim to cybercrime every day, fraudsters prefer tried-and-true techniques like phishing (18%), scams and fraud (57%), malware infections, and reputational attacks (25%). Scams were the most common type of cybercrime in 2021.
The monthly creation of brand-impersonating scam resources has also increased. Group-IB analysts observed a 150% increase in the Middle East.
“A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly technically skilled villains,” says Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB.
“Group-IB’s AI-based platform identified somewhere between 75 and 110 scam groups last year, and the average number of cybercriminals per group was 10 members. The average number of scam links per group reached 100. SaaS helped grow not only fraudsters’ appetites, but also the industry itself. In 2021 our DRP system tracked 350 groups, reaching up to 390 scam groups at the peak time. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, their infrastructure has grown proportionally: the average number of scam links per group was between 2,000 and 3,000,” Dolgalev added.
The number of websites used to buy and sell “gray” and illegal traffic has increased by 1.5 times. Scammers refused to develop and manage their own resources. Their only task was to direct traffic to third-party resources owned by other scammers in exchange for a fee when the money theft was successful.
“Scammers are now focused on attracting targeted traffic. In the past, their schemes were aimed at unsuitable users who were brought to a fraudulent resource, but since 2021 the strategy has changed drastically. Scammers now attract specific groups of victims to increase conversion rates. The only platform for selling “gray” and illegal traffic earns on average $2,758 per week from one offer to sell illegal traffic,”
Dolgalev added. “The statistics relating to grey and illegal traffic on one platform, which was taken as an example by Group-IB DRP analysts, showed that India, US and Vietnam are the main countries where the platform is distributed.”
There was no weak URL targeting. Group-IB experts noted a strong trend towards the use of improved URL targeting: a valid one-off URL, available strictly for a particular user at a specific moment in time, targeted a specific audience. Personalized URLs usually include not only a timestamp and hash, but also geolocation information, the OS version, the browser type, and the name of the Internet provider. There was also no weak content personalization. Fraudsters used improved content personalization with auto-completed web forms on a page with a user’s personal data, extracted from browser cookies.
The main global trend is digitization. Fraud is no exception, and the fact that the number of Internet users is expected to reach 4.95 billion by 2021 aided in this. Furthermore, the number of social media users and unique mobile phone users has increased to 4.62 billion (+10 percent from 2020). Experts concluded that in 2021, 48.15 percent of scam schemes began with an active dialogue with the victim. There was also a trend toward simplifying scam end-pages, with scammers actively shifting their focus to spreading scam proposals through legitimate platforms such as Facebook and Instagram. The reasons for using social media are straightforward. For starters, it is the most effective way to instill trust. Second, social media services are not moderated sufficiently.
The trends identified by Group-IB experts were also confirmed by the company’s partners that also took part in the Summit. Jorij Abraham, General Manager at Global Anti-Scam Alliance & Scamadviser, said that scammers were quickly becoming more and more professional and that the number of reported scams had increased from 139 to 266 million (93%).
“The number of cybercrimes is growing every year. We must stay ahead of scammers. To do so, anyone involved in the cybersecurity market must share their knowledge and data with each other. Only in this way will we be able to win,” says Global Anti-Scam Alliance & Scamadviser Jorij Abraham. “With the appearance of more data and new technologies such as deepfakes, scams have become very difficult to identify.”
As the public’s interest in metaverses grows, Group-IB DRP analysts predict an increase in the number of scams in metaverses. The same is true for cryptocurrencies and NFTs, where scams are already prevalent. Deepfakes and voicefakes will also become more popular — they are among the most common scam methods. According to experts, de-anonymization tools will be used for blackmail and victim personalization.
