10 June 2021

Global Scamdemic: Scams Become Number One Online Crime

Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes, has released a comprehensive analysis of fraud schemes on a global scale. In total, fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntarily revealing sensitive data) and 17% are phishing attacks (theft of bank card details). By using patented Digital Risk Protection technologies, Group-IB experts detected over 70 scam groups engaged in just one of the fraudulent schemes, Classiscam. It was established that in one year Classiscam threat actors alone swindled users out of $9,140,000.

During the Digital Risk Summit 2021 online conference (Amsterdam), which was divided into analytical and technology-related streams, Group-IB presented the findings of its research into various fraudulent schemes, obtained with the help of the neural networks and ML-based scoring of the Group-IB Digital Risk Protection system, which was developed based on the expertise gathered by Group-IB in over a thousand successfully solved investigations worldwide. Group-IB DRP analysts researched a multitude of fraud schemes and the damage they cause to industries worldwide. Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.

Sleight of hand: how much money fraudsters make

Today, on June 10, 2021, Group-IB revealed Scam Intelligence, a fraudster tracking technology that has laid the foundations for Digital Risk Protection, one of the company’s innovative proprietary solutions. In one year, the system helped save as much as $443 million for companies in the Asia Pacific region, Russia, Europe, and the Middle East by preventing potential damages.

Compared to the previous year, the number of scam- and phishing-related violations detected by Group-IB in 2020 grew by 39% in Europe, 35% in the Commonwealth of Independent States (CIS), 88% in the Asia-Pacific region, and 27.5% in the Middle East.

Wanted: the most dangerous fraud schemes

Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry anywhere in the world. Numerous probes into threat actor scam activities worldwide by Digital Risk Protection (DRP) helped categorize fraud schemes, with over 100 basic schemes and their modifications detected. For instance, a scheme with fake brand accounts on social media (which is typical for the financial sector) involved on average over 500 fake accounts per bank in 2020. Insurance companies worldwide, on the other hand, suffer from phishing. Over 100 phishing websites per insurer were created last year on average.

In 2020, a multi-stage fraud scheme called Rabbit Hole, which abused companies’ brands, mostly targeted the retail sector and online services. Users received a link from friends, through social media, or in messaging apps with a suggestion to participate in a prize draw, promotional offer, or survey. On average, users made 40,000 visits to fraudulent websites per day. Rabbit Hole attacked the customers of at least 100 brands in various regions. The threat actors strive to steal personal and bank-card data. As part of the scheme, users go through many stages and end up on various resources ranging from public platforms (social media, messaging apps, and websites) to hidden web resources, where access is ensured through phishing links created for each victim individually based on their IP address, device model, and user agent. This means that other users cannot visit the resources and the scheme itself becomes less likely to be detected and blocked.

Classiscam has been the most widely used fraud scheme in the world during the pandemic. The scheme targets people who use marketplaces and services relating to property rental, hotel bookings, online bank transfers, online retail, ride-sharing, and delivery.

The scheme’s purpose is to extort money as a payment for non-existent goods that will never be delivered. A total of 44 countries have been targeted in this fraud scheme. According to Group-IB DRP, 93 brands overall have been abused as part of Classiscam. In early 2021, more than 12,500 threat actors made money through fake delivery service resources. The overall number of websites involved in the scheme reached 10,000. The scale of this type of fraud is immense and the scheme only keeps expanding. One Classiscam threat group alone can make up to $114,000 per month.

The scamdemic will not end: smart monitoring

Many factors have contributed to the global scamdemic, a term for the influx of online scams during the pandemic on a scale never seen before: a multitude of fraud schemes and their modifications, the automation of most attack stages, the targeting of specific companies and industries, and the many possibilities for concealing cybercriminal activity. For instance, according to Group-IB data, 47% of Classiscam-related violations occur on third-level domains, which makes it harder for analysts to detect them and to block the first-level domain, since it is technically clean.

Last year, the world was hit by a scamdemic: if your company is successful and well-known, it’s just a matter of time before scammers have their eye on it. Digital risks for brands such as online scams, illegal sales of products and services, and intellectual property infringements are the most widespread crimes on the Internet. One cannot fight such scams by employing a classic monitoring approach and blocking links individually. The Group-IB DRP system provides analysts with a tool for uncovering a scam actor’s entire infrastructure and learning about various categories of scams that might target their organizations. Group-IB DRP helps our customers to establish the identity of the person behind the wrongdoing, gather as much information about them as possible and bring them to justice.

Dmitriy Tiunkin

Group-IB head of Digital Risk Protection, Europe

Group-IB’s patented DRP technologies in threat intelligence, which are based on the deep understanding of cybercriminals’ logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally, automated graph analysis, and monitoring of threat actor infrastructures in real time help immediately detect fraudsters’ entire networks and block them, as opposed to handling individual links to phishing and scam resources. All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for further transfer to lawyers or law enforcement with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization’s resources. Group-IB says it is confident in the level of protection DRP provides and that if a user initiates legal action against a company whose brand has been used in a fraud scheme, a special insurance program will cover part of the costs.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an AI-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.
