Success Story

Group-IB x Digital Wealth Management Platform Success Story

Learn how Group-IB’s Digital Risk Protection uncovered a sophisticated fraud network behind a suspicious resource.

About Our Customer

The customer is one of Asia’s leading digital wealth management platforms for financial institutions. The customer discovered a suspicious website imitating the company’s official website. This fraudulent website was made to steal money from visitors by offering them fake investments under the company’s brand. They realised they needed urgent help from cyber security professionals specializing in digital risk and brand abuse protection, so they contacted Group-IB.

After the first analysis, Group-IB identified that this suspicious resource was part of a much larger infrastructure. It was not an isolated case: the resource owner is an advanced scammer with a distributed network of fraudulent websites attacking different brands.

Region

Worldwide

Industry

Fintech, retail software

Employees

250+
certified cybersecurity experts

IT environment

Cloud-native architecture, Android-based applications

How did Group-IB solve the issue?

First of all, Group-IB researched the threat landscape for the customer as well as previous case details. Group-IB Digital Risk Protection applies a comprehensive approach to investigate and reveal the entire infrastructure of the attacker. We vetted all sources that may be used to spread fraud and abuse the brand:

  • Search engine results
  • Consonant domain names
  • Social networks
  • Classifieds
  • Mobile application stores
  • Image search
  • Advertising

Analysis and attribution showed that we were facing a professional fraudster who was constantly creating such fraudulent websites, and that the resource our client reported was neither the first nor the last one.

“The potential damage estimation is no good news. According to Group-IB’s statistics, fraudulent website traffic can reach about 5 000 visitors per day. The average loss of every scammed user is 100-200 dollars.”
Kamo Basentsyan
Business Development Director (APAC), Group-IB Singapore

Results

  • 100+ domain names affiliated by registration data
  • 13 connections with other domains
  • Connection with the domain owner’s personal avatar

As a result of this thorough landscape investigation, Group-IB revealed all potential risks and provided our customer with preventive recommendations. This helped to avoid the massive spread of fraudulent resources at an early stage.

Along with the threat landscape research, we also investigated the precedents. Group-IB checked the resource’s infrastructure for any affiliated resources aimed at the company. As a result, one more suspicious website was detected and taken down.

For investigation purposes we used Group-IB’s technology — Graph.

The domain owner used quite unique registration data, which was captured by Graph. Deeper analysis revealed that the same data had recently been used to register over 900 domains.

Currently, Graph includes:

  • A database of 1.4bln domains + more than 577mln second-level domain names
  • 1bln SSL certificates
  • 200mln+ SSH keys
  • 4.2bln IP addresses
  • A 15-year history of all changes made on the web

Stopping the activity of scammers

Those resources all belong to the same scammer but involve other brands or brandless scams. Group-IB’s rapid and professional actions helped to stop the attacks and protected the client’s brand from further damage.

The following months of monitoring proved that the scam activity had completely stopped.

Current services from Group-IB include detection and response to any form of illegal brand or trademark usage, including social networks.

Group-IB’s comprehensive approach allows our customers to be assured that their digital reputation and users’ personal data are safely protected.