Group-IB has presented an analysis of fraudulent schemes on the global network. In total, fraud accounts for 73% of all cybercrime on the Internet, of which 56% are scams (fraud in which victims voluntarily pay and disclose their data) and 17% are phishing (theft of bank card data).
Analyzing the damage from fraud, experts have identified at least 70 active scam groups working according to the "Mammoth" scheme. Of these, 54 are aimed at Russian citizens. In less than a year, they stole about 700 million rubles from users.
Scams peaked in 2020 against the backdrop of the global pandemic, which gave rise to the term "scamdemic" (from the English "scam" and "pandemic"). In 2020, the number of scam- and phishing-related violations in Russia recorded by Group-IB grew by 35% compared to the year before last. For comparison: in Europe this figure is 39%, in the Asia-Pacific region 88%, and in the Middle East 27.5%. The economic prerequisites for the intensive spread of fraud were businesses moving online and the global pandemic: 40% of sales today are made through social networks.
For the first time, Group-IB has publicly unveiled its Scam Intelligence technologies for tracking fraudulent groups, which became the "core" of its own innovative Digital Risk Protection (DRP) system, developed on the basis of many years of experience investigating cybercrime around the world. Over the year, the system helped prevent damage to businesses in Russia amounting to 18.8 billion rubles. Worldwide, the prevented damage is estimated at $443 million.
The use of neural networks and adaptive scoring makes it possible to automate the complex processes of identifying and classifying the types of fraud used against a specific company and industry in any country in the world. The DRP system's analysis of cybercriminal activity around the world made it possible to classify fraudulent schemes, revealing about a hundred basic schemes and their various modifications.
The most dangerous fraud schemes
Thus, the scheme with fake brand accounts on social networks, which is most typical for the financial segment, accounted for, on average, over 500 fake accounts per bank in 2020. Insurance companies around the world suffer from phishing: more than 100 phishing sites, on average, were created last year for one insurance company.
Targeted multi-stage fraud dubbed "White Rabbit", which illegally uses companies' brands, was mainly aimed at the retail segment and Internet services in 2020. Users received a link from friends or "companies" through social networks or messengers with an offer to take part in a prize draw or promotion or to take a survey; on average, users made 40,000 active visits to fraudulent sites per day.
In all, White Rabbit attacked the clients of at least 100 well-known brands. The purpose of the scammers is to steal money, bank card data and personal data. Users pass through many stages across different public platforms (social networks, messengers, websites) and end up on hidden web resources; to access these, an individual phishing link is generated for each victim, based on the location, IP address, device model, user agent ... This makes it impossible for another user to open them, and the scheme itself becomes less vulnerable to detection and blocking.
The most widespread during the pandemic in Russia was the Mammoth scam, aimed at users of message boards, courier delivery services, real estate rental, hotel reservations, online bank transfers, online retail and search for travel companions.
The purpose of the scheme is to extort money as payment for non-existent goods that will never be delivered or services that will not be provided. A total of 44 countries, including Russia, are in the focus of fraudsters, and a total of 93 brands are exploited in the Mammoth fraudulent scheme. By early 2021, the total number of cybercriminals involved in making money on fake courier services was 12,500, and the total number of sites used in the scheme had reached 10,000. The scope of this type of fraud is enormous, and the scheme is constantly scaling. A single criminal group operating under the Mammoth scheme earns up to 8.9 million rubles per month.
At the moment, more than 70 fraudulent groups specializing in the Mammoth scheme are under continuous DRP monitoring, 54 of which are aimed at Russian users. On average, there are at least 500 fraudulent sites associated with one scam group that aim to steal money and bank card data.
Scamdemia will not work
The variety of fraudulent schemes and their modifications, the automation of most stages of attacks, targeting of a specific company or industry, and broad opportunities to conceal cybercriminal activity have become the technological prerequisites for the online fraud epidemic, the scamdemic. For example, 47% of violations by scam schemes are located on third-level domains, which does not allow manual detection of fraud or blocking the first domain, since it is formally "clean".
Group-IB's patented DRP technologies for searching for and tracking cybercriminals, automated graph analysis and real-time tracking of the cybercriminals' infrastructure make it possible to detect and block the entire fraudulent network at once, rather than individual links to phishing and scam resources. Thus, 85% of violations associated with any type of fraud are eliminated out of court, saving the resources of protected organizations.
"It is too late to fight the scam using classical monitoring and piecemeal link blocking: fraud is becoming ever more gigantic, which puts new demands on the tools to combat it," comments Andrey Busargin, Deputy General Director of Group-IB for Digital Risk Protection. "The DRP system should be able to automatically detect all elements of the scam infrastructure in a fraudulent scheme aimed at the company. If we see at least one violation, then we immediately detect the entire network of the attacker. This is a huge amount of fraudulent resources that can be directed at one company, the entire industry, or organizations of different industries. The principle of building monitoring around a criminal group enriches its results, making it smarter and more scalable."
Based on materials from Group-IB
