Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Group-IB estimated monthly user losses from targeted fraud in the form of surveys and sweepstakes at $80 million (RUB 5.9 billion) worldwide. This is stated in the new Hi-Tech Crime Trends 2021/2022 report “Scam and Phishing: An Epidemic of Online Fraud”. As bait, attackers illegally exploit more than 120 global brands, for example, in Russia, under the guise of a fake survey on behalf of a large federal retailer, points and money were stolen from users - the average amount written off per buyer was about 50,000 rubles.
A knockout survey
Messages about sweepstakes and surveys are one of the popular fraudulent schemes, but in recent years the technology of delivering fake content to the victim has changed : mass spam mailings, SMS, messages in messengers or email have been replaced by a personalized approach. Now, a separate, so-called targeted link is generated “for the purpose” , using the parameters of the potential victim (country, time zone, language, IP, browser type, etc.) to display relevant content on a fraudulent page. The link itself works only once and only for one specific user, making it difficult to detect and block the fraudulent resource.
Group-IB Digital Risk Protection analysts record the use of targeted fraud in 91 countries around the world , with attackers illegally exploiting more than 120 global brands as bait. Most often, fraudsters promise to “give away” a MacBook, Sony Playstation 5, iPad Pro or top-end Apple and Samsung smartphones for completing a survey.
Thus, in Russia, in fake surveys on behalf of a large Russian retailer (website traffic is 6,500 visitors per day), users were tricked into leaving personal data, email, bank card details or logins and passwords for personal account "accounts" on the fake website. In the case of money theft, the average write-off was 50,000 rubles.
Geography of the scam
Digital Risk Protection specialists have discovered at least 60 different domain name networks where targeted links are created. On average, each of them contains more than 70 domain names. The largest network by the number of domain names used in fraudulent schemes includes 232 domains. This number is created so that in the event of an active resource being blocked, it would be possible to redirect traffic to its “mirror” as soon as possible. In this way, the scammers ensure the “availability” of their scheme, that is, its uninterrupted operation. On average, survey sites are visited by more than 5,000 people per day. According to Group-IB experts, user losses can amount to up to $80 million per month.
For each end resource with fraudulent content, traffic source information was collected by country. Based on this distribution, the main traffic sources for such resources are India (42.2%), Thailand (7%) and Indonesia (4.4%). Based on the identified patterns, the target regions for the distribution of the fraudulent scheme are: Europe (36.3%), Africa (24.2%) and Asia (23.1%).
To combat targeted fraud, experts recommend using high-tech products of the Digital Risk Protection class, which allow identifying and blocking not individual fraudulent sites, but the entire infrastructure of the attackers. This method allows for prompt elimination of violations on all Internet resources involved in the scheme, as well as monitoring domain names on which illegal content may appear at any time.
Source
A knockout survey
Messages about sweepstakes and surveys are one of the popular fraudulent schemes, but in recent years the technology of delivering fake content to the victim has changed : mass spam mailings, SMS, messages in messengers or email have been replaced by a personalized approach. Now, a separate, so-called targeted link is generated “for the purpose” , using the parameters of the potential victim (country, time zone, language, IP, browser type, etc.) to display relevant content on a fraudulent page. The link itself works only once and only for one specific user, making it difficult to detect and block the fraudulent resource.
Group-IB Digital Risk Protection analysts record the use of targeted fraud in 91 countries around the world , with attackers illegally exploiting more than 120 global brands as bait. Most often, fraudsters promise to “give away” a MacBook, Sony Playstation 5, iPad Pro or top-end Apple and Samsung smartphones for completing a survey.
Thus, in Russia, in fake surveys on behalf of a large Russian retailer (website traffic is 6,500 visitors per day), users were tricked into leaving personal data, email, bank card details or logins and passwords for personal account "accounts" on the fake website. In the case of money theft, the average write-off was 50,000 rubles.
Geography of the scam
Digital Risk Protection specialists have discovered at least 60 different domain name networks where targeted links are created. On average, each of them contains more than 70 domain names. The largest network by the number of domain names used in fraudulent schemes includes 232 domains. This number is created so that in the event of an active resource being blocked, it would be possible to redirect traffic to its “mirror” as soon as possible. In this way, the scammers ensure the “availability” of their scheme, that is, its uninterrupted operation. On average, survey sites are visited by more than 5,000 people per day. According to Group-IB experts, user losses can amount to up to $80 million per month.
For each end resource with fraudulent content, traffic source information was collected by country. Based on this distribution, the main traffic sources for such resources are India (42.2%), Thailand (7%) and Indonesia (4.4%). Based on the identified patterns, the target regions for the distribution of the fraudulent scheme are: Europe (36.3%), Africa (24.2%) and Asia (23.1%).
To combat targeted fraud, experts recommend using high-tech products of the Digital Risk Protection class, which allow identifying and blocking not individual fraudulent sites, but the entire infrastructure of the attackers. This method allows for prompt elimination of violations on all Internet resources involved in the scheme, as well as monitoring domain names on which illegal content may appear at any time.
Source
