SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Fri, 11th Jun 2021
FYI, this story is more than a year old

Scams are the leading online crime when it comes to fraud attacks, according to new research from Group-IB.

The global threat hunting and adversary-centric cyber intelligence company released an analysis of fraud schemes on a global scale.

According to the analysis, fraud accounts for 73% of all online attacks, 56% of which are scams, and 17% are phishing attacks.

The Asia Pacific region was found to have the highest increase in the number of detected scam and phishing-related violations last year.

By using Digital Risk Protection technologies, Group-IB detected over 70 scam groups using only one of the fraudulent schemes, Classiscam. In less than a year, Classiscam threat actors alone took $9,140,000 from users.

During the Digital Risk Summit 2021 online conference, which was divided into analytical and technology-related streams, Group-IB presented its research findings of various fraudulent schemes and the analysis of their damage for different geographies and industries.

Group-IB DRP analysts researched multiple fraud schemes and the damage they cause industries worldwide. Participants at the conference included the United Nations International Computing Centre, the global market research and advisory company Forrester, and Scamadviser, an independent project.

On June 10, Group-IB revealed Scam Intelligence, a fraud tracking technology which it says has laid the foundation for Digital Risk Protection, one of the companies proprietary solutions. It says in one year, the system helped save as much as $443 million for companies in the Asia Pacific region, Europe, and the Middle East, by preventing potential damages.

Compared to the previous year, the number of scam and phishing related violations detected by Group-IB in the Asia-Pacific region in 2020 grew by a record high of 88%. Compared to 39% in Europe, 35% in CIS, and 27.5% in the Middle East.

Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorising fraud targeted at a specific company or industry anywhere in the world. An analysis of threat actor activities worldwide by Digital Risk Protection helped categorise fraud schemes, with over 100 basic schemes and their modifications detected.

In 2020, a multi-stage fraud scheme called Rabbit Hole, which abused companies brands, mainly targeted retail and online services. Users would receive a link from friends, through social media, or in messaging apps, with a suggestion to participate in a prize draw, promotional offer, or survey. On average, users made 40,000 visits to fraudulent websites per day.

The most widely used fraud scheme during the pandemic has been Classiscam. It targets people who use marketplaces and services relating to property rental, hotel bookings, online bank transfers, online retail, ride-sharing, and delivery.

The scheme's purpose is to extort money as a payment for non-existent goods that will never be delivered. A total o f44 countries have been targeted by the scheme. One Classiscam threat group alone can make up to$114,000per month.

Group-IB says many factors have contributed to what it calls the global scamdemic, a multitude of fraud schemes and their modifications, the automation of most attack stages, the targeting of specific companies and industries, and the many possibilities of concealing cybercriminal activity.

“Today scam is more than just solitary fraudulent web pages, it's an entire industry with advanced technologies under the hood and motivated cybercriminal groups with great financial resources,” says Group-IB-APAC head of Digital Risk Protection, Ilia Rozhnov.

“They choose their targets from various industries, brand recognition is what matters to them, causing financial and reputational damage.

"Expert approach in fighting cybercrime, the understanding of threat actors' logic, and advanced scam tracking technologies are required if companies want not only to detect but also prevent the damage."