Dubai: — Group-IB, a global cybersecurity leader headquartered in Singapore, has today published Digital Risk Trends, a comprehensive analysis of the world’s two most common cyber threats: scams and phishing. The average number of scam resources created per brand, defined as the number of instances in which a brand's image and logo was appropriated for use in scam campaigns, across all regions and industries more than doubled year-on-year in 2022, up 162%. This figure in the Middle East and Africa (MEA) region in 2022 was 135% higher year-on-year compared to 2021. Additionally, the number of phishing websites detected by Group-IB’s Digital Risk Protection in 2022 was more than three times higher than in 2021. These findings build upon the 2022 Global State of Scams Report, published by the Global Anti Scam Alliance and ScamAdviser in collaboration with Group-IB, which revealed that scams caused over $55 billion in damages. The so-called scamdemic shows no signs of slowing down.
Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes. For example, in the notable Classiscam scam-as-a-service scheme, more than 80% of operations are now automated. Social media is often the first point of contact between scammers and victims, and nowhere was this more apparent than in the MEA region. Group-IB analysts found that 92% of scam resources targeting MEA companies in the oil and gas, financial, and banking sectors leveraged social media, proportionally the highest of any global region.
To conduct this research, Group-IB experts leveraged the neural networks and machine-learning algorithms incorporated into the company’s proprietary Digital Risk Protection platform. By continuously and automatically monitoring millions of online resources, Digital Risk Protection provides brands with 360-degree coverage against external digital risks to their intellectual property and brand identity.
Scam surge
Group-IB separates the concepts of phishing and scam, given the fact that these cyber threats have different outcomes and, most importantly, fall under different legal rules when it comes to incident response. Phishing is a generally recognized violation that results in the theft of personal information, such as account credentials or bank card data. Cybercriminals consider an attack to be successful when they receive such data. Scams refer to any attempt by a cybercriminal to deceive a victim into voluntarily handing over money or sensitive information.
According to Group-IB, scams accounted for 57% of all financially-motivated cybercrime in 2021 outpacing phishing, ransomware, malware, and DDoS. As shown in the Digital Risk Trends report, the average number of scam resources per brand globally in 2022 more than doubled when compared to 2021. As shown in Digital Risk Trends, the average number of scam resources per brand globally in 2022 more than doubled when compared to 2021, and this growth was particularly noticeable in developing countries. In the Middle East and Africa region, the average number of scam resources per brand in the oil and gas, financial, and banking sectors increased 135% year-on-year, with 92% of scam resources being shared on social media (up from 80% in 2021). Group-IB researchers have previously detailed how scammers have become adept at impersonating some of the MEA region’s largest companies on social media to target job seekers, soccer fans, and individuals looking to source a domestic worker. In Europe, where 48% of scams were spread via messengers, the average number of scam resources per brand increased by only 74%.
Globally, scammers’ interest in the financial sector skyrocketed dramatically, as the average number of scam resources created per financial brand increased year-on-year by 186% in 2022. Similar growth was observed in the oil and gas sector (112%) and the manufacturing industry (55%).
In total, Group-IB detected 304% more scam resources that utilized the name and likeness of legitimate brands in 2022 compared to the preceding year. The financial sector was the most targeted industry, as 74.2% of intellectual property violations, such as the illegal use of trademarks, misrepresentation of brand partnerships, scam advertising, fake social media and messenger accounts, and fake brand applications targeted companies from this vertical. Other majorly hit sectors were lotteries (12.0%), oil and gas (5.3%) and retail (3.2%). In addition, finance and social media were the two most commonly phished industries.
“Scam campaigns are not just affecting more brands each year as the impact that each individual brand faces is growing larger as well. Scammers are using a vast amount of domains and social media accounts to not only reach a greater number of potential victims, but also evade counteraction. We are also seeing the growing popularity of account hijacking to spread phishing links to fake websites, along with new techniques such as browser-in-the-browser phishing,” Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team, said.
Well-oiled machine
A major driver of the increase in scam activity and a growing trend seen throughout the underground economy is the automation of many previously manual processes that required technical know-how. By doing so, threat actors are able to scale their operations quicker, while the increasingly larger ecosystem and role distribution provides greater safety. This trend is likely to increase in the future, given that cybercriminals can use AI-driven text generators to craft ever-more convincing copy for their scam and phishing campaigns.
“Scam campaigns are not just affecting more brands each year as the impact that each individual brand faces is growing larger as well. Scammers are using a vast amount of domains and social media accounts to not only reach a greater number of potential victims, but also evade counteraction. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cybercriminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future,” Sharef Hlal, Head of the Group-IB Digital Risk Protection Analytics Team (MEA), said.
Group-IB researchers in 2019 discovered Classiscam, a scam-as-a-service affiliate program designed to steal the payment and personal data of users from popular classifieds and marketplaces. This scheme has become increasingly automated, as threat actors can now create a phishing site and arrange payment through an e-wallet all through Telegram bots. Classiscam initially originated in Eastern Europe, and subsequently spread across the globe. To date, Group-IB has identified 1,366 Classiscam groups and the company has obtained detailed statistics about 393 of them. The observed groups have carried out more than 486,000 attacks, emulating 251 brands from 79 countries, and Group-IB estimates that the financial damage from this scam scheme is at least USD $64 million.
Master of the domain
Another example of the growing impact of automation in the scam industry is the rapid uptick in the number of scam resources hosted on the .tk domain. Affiliate programs automatically generate links on this domain zone, and they accounted for 38.8% of all scam resources examined by Group-IB in the second half of 2022. In H1 2022, Group-IB found zero scams on the .tk domain. Other free-to-use domains, such as .gq, and .ml, also surged in popularity in the second half of 2022, accounting for 8.0% and 7.8% of scam domains, respectively.
Group-IB’s Digital Risk Trends report details the latest trends within the scam and phishing sectors of the underground economy in 2022, contrasting the latest data with preceding years and offering expert forecasts for the year ahead. The report is primarily intended for cybersecurity experts such as CISOs, the security teams of targeted enterprises, SOC analysts and incident response specialists. The new report is available for download here.
-Ends-
About Group-IB
Group-IB, with its headquarters in Singapore, is one of the leading solutions providers dedicated to detecting and preventing cyberattacks, investigating high-tech crimes, identifying online fraud, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), Asia-Pacific (Singapore), and Europe (Amsterdam).
Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack, Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.
Group-IB’s Threat Intelligence system has been named one of the best in its class by Gartner, Forrester, and IDC. Group-IB’s Managed XDR, intended for proactively searching for and protecting against complex and previously unknown cyber threats, has been recognized as one of the market leaders in the Network Detection and Response category by KuppingerCole Analysts AG, the leading European analyst agency, while Group-IB itself has been recognized as a Product Leader and an Innovation Leader.
Gartner has named Group-IB a Representative Vendor in Online Fraud Detection for its Fraud Protection. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks, with the company’s patented technologies at its core. Group-IB’s technological leadership and R&D capabilities are built on the company’s 20 years of hands-on experience in cybercrime investigations worldwide and over 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.
Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.
Group-IB's experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB's mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.
For more information, please contact:
pr@group-ib.com
https://www.group-ib.com
https://www.group-ib.com/blog
Media Contact:
Krisha Doshi
Active DMC
krisha@activedmc.com
