Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes, has released a comprehensive analysis of fraud schemes on a global scale. In total, fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntary revealing sensitive data) and 17% are phishing attacks (theft of bank card details). By using patented Digital Risk Protection technologies, Group-IB experts detected over 70 scam groups employed only in one of the fraudulent schemes, Classiscam. It was established that in one year Classiscam threat actors alone swindled users out of $9,140,000.

During the Digital Risk Summit 2021 online conference (Amsterdam), which was divided into analytical and technology-related streams, Group-IB presented the findings of its research into various fraudulent schemes, obtained with the help of neural networks and ML-based scorings of Group-IB Digital Risk Protection system, which was developed based on the expertise gathered by Group-IB in over a thousand of successfully solved investigations worldwide. Group-IB DRP analysts researched into a multitude of fraud schemes and the damage they cause to industries worldwide. Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.

Sleight of hand: how much money fraudsters make

Today, on June 10, 2021, Group-IB revealed Scam Intelligence, a fraudster tracking technology that has laid the foundations for Digital Risk Protection, one of the company’s innovative proprietary solutions. In one year, the system helped save as much as $443 million for companies in the Asia Pacific region, Russia, Europe, and the Middle East by preventing potential damages.

Compared to the previous year, the number of scam- and phishing-related violations detected by Group-IB in Europe in 2020 grew by 39%, the figure for the Commonwealth of Independent States (CIS) is 35%, the Asia-Pacific region — 88%, and the Middle East — 27.5%

Wanted: the most dangerous fraud schemes

Neural networks and adaptive scoring help automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry anywhere in the world. Numerous probes into threat actor scam activities worldwide by Digital Risk Protection (DRP) helped categorize fraud schemes, with over 100 basic schemes and their modifications detected. For instance, a scheme with fake brand accounts on social media (which is typical for the financial sector) involved on average over 500 fake accounts per bank in 2020. Insurance companies worldwide, on the other hand, suffer from phishing. Over 100 phishing websites per insurer were created last year on average.

In 2020, a multi-stage fraud scheme called Rabbit Hole, which abused companies’ brands, mostly targeted the retail sector and online services. Users received a link from friends, through social media, or in messaging apps with a suggestion to participate in a prize draw, promotional offer, or survey. On average, users made 40,000 visits to fraudulent websites per day. Rabbit Hole attacked the customers of at least 100 brands in various regions. The threat actors strive to steal personal and bank-card data. As part of the scheme, users go through many stages and end up on various resources ranging from public platforms (social media, messaging apps, and websites) to hidden web resources, where access is ensured through phishing links created for each victim individually based on their IP address, device model, and user agent. This means that other users cannot visit the resources and the scheme itself becomes less likely to be detected and blocked.

Classiscam has been the most widely used fraud scheme in the world during the pandemic. The scheme targets people who use marketplaces and services relating to property rental, hotel bookings, online bank transfers, online retail, ride-sharing, and delivery.

The scheme’s purpose is to extort money as a payment for non-existent goods that will never be delivered. A total of 44 countries have been targeted in this fraud scheme. According to Group-IB DRP, 93 brands overall have been abused as part of Classiscam. In early 2021, more than 12,500 threat actors made money through fake delivery service resources. The overall number of websites involved in the scheme reached 10,000. The scale of this type of fraud is immense and the scheme only keeps expanding. One Classicscam threat group alone can make up to $114,000 per month.

The scamdemic will not end: smart monitoring

Many factors have contributed to the global scamdemic, which stands for the influx of online scams during the pandemic on a scale never seen before: a multitude of fraud schemes and their modifications, the automation of most attack stages, the targeting of specific companies and industries, the many possibilities of concealing cybercriminal activity. For instance, according to Group-IB data, 47% of Classiscam-related violations occurring on third-level domains, which makes them harder for analysts to detect and block first-level domain since it’s technically clean.

Group-IB’s patented DRP technologies in threat intelligence, which are based on the deep understanding of cybercriminals’ logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally, automated graph analysis, and monitoring of threat actor infrastructures in real time help immediately detect fraudsters’ entire networks and block them, as opposed to handling individual links to phishing and scam resources. All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for the further transfer to lawyers or law enforcement with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization’s resources. Group-IB says it is confident in the level of protection DRP provides and that if a user initiates legal action against a company whose brand has been used in a fraud scheme, a special insurance program will cover part of the costs.