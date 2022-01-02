



Dubai, December 21, 2021: Group-IB, one of the world’s cyber security leaders, has discovered a global fraudulent campaign targeting users in more than 90 countries around the world, including the UAE, Oman and Qatar. Fraudsters have adopted a trial-and-error technique to steal users’ personal and payment data using fake surveys and giveaways from popular brands, and the total number of well-known companies impersonated in this scheme is over 120. The scheme is particularly persistent thanks to an innovation in the fraudsters’ toolset, target links, which makes investigating and addressing such attacks increasingly difficult.

According to Group-IB’s Digital Risk Protection unit, the potential victim pool for a single fraudulent network is estimated to be approximately 10 million, with potential damage amounting to approximately $80 million per month.

Personal customer service

Fraudsters trap victims by distributing invitations to participate in a survey, after which the user is supposed to receive a prize. Each such offer contains a link to the survey website. For lead generation, threat actors use all possible legitimate digital marketing tools, including content-targeted ads, ads on both legitimate and completely fraudulent sites, SMS, email blasts, and pop-up notifications. To build a relationship of trust with the victim, scammers register domain names similar to the official ones. Less often, I also saw links to calendars and posts on social networks. After clicking on the target link, the user is subjected to so-called traffic cloaking, which allows cybercriminals to display different content to different users based on specific user parameters.

However, loading the final branded survey page can take a long time. This is because the victim is passed through a long chain of redirects, during which the scammers collect information about the session, such as country, time zone, language, IP address, and browser. The content of the final page is determined by what has been learned about the user and is tailored to their interests as much as possible. The final fraudulent link is customized for a particular user and can only be opened once. This complicates the detection of such links, which inevitably prolongs the life cycle of the scam and hinders takedown and investigation.
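The cloaking behaviour described above (content that depends on the visitor's profile, long redirect chains, links that work only once) can be checked for in recorded redirect chains. The following is an added example, not Group-IB's tooling; the capture format, field names, the `.example` hosts and the hop threshold are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: redirect chains recorded when the same entry URL was
# fetched by an analyst sandbox under different client profiles
# (country, language, device). All hosts are placeholders.
CAPTURES = [
    {"entry": "http://promo.example/s/abc", "profile": ("IN", "hi", "mobile"), "attempt": 1,
     "hops": ["http://t1.example/r", "http://t2.example/r", "http://t3.example/r",
              "http://brand-survey.example/win"]},
    {"entry": "http://promo.example/s/abc", "profile": ("IN", "hi", "mobile"), "attempt": 2,
     "hops": ["http://t1.example/r", "http://search.example/"]},
    {"entry": "http://promo.example/s/abc", "profile": ("DE", "de", "desktop"), "attempt": 1,
     "hops": ["http://t1.example/r", "http://news.example/"]},
    {"entry": "http://shop.example/sale", "profile": ("IN", "hi", "mobile"), "attempt": 1,
     "hops": ["https://shop.example/sale"]},
    {"entry": "http://shop.example/sale", "profile": ("DE", "de", "desktop"), "attempt": 1,
     "hops": ["https://shop.example/sale"]},
]

def final_host(capture):
    """Host of the last hop, i.e. where the visitor finally landed."""
    return urlsplit(capture["hops"][-1]).hostname

def analyze(captures, max_hops=3):
    """Return {entry_url: sorted list of cloaking indicators}.

    max_hops is an assumed threshold; tune it against benign traffic.
    """
    by_entry = defaultdict(list)
    for c in captures:
        by_entry[c["entry"]].append(c)
    report = {}
    for entry, caps in by_entry.items():
        flags, first_landing = set(), {}
        for c in sorted(caps, key=lambda c: c["attempt"]):
            if len(c["hops"]) > max_hops:
                flags.add("long_redirect_chain")
            # Same profile, later attempt, different landing: the link behaved as single-use.
            if first_landing.setdefault(c["profile"], final_host(c)) != final_host(c):
                flags.add("single_use_link")
        # Different profiles landing on different hosts: content depends on the visitor.
        if len(set(first_landing.values())) > 1:
            flags.add("profile_dependent_content")
        report[entry] = sorted(flags)
    return report
```

Because such a link can only be opened once, the first fetch is the only reliable capture, so the full chain and final page should be recorded on that first visit.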

At the final stage, users are asked to answer questions to receive prizes from well-known brands and to fill out a form requesting the personal data required to receive the prizes. The required data usually includes name, email, address, phone number, and bank card data, including expiration date and CVV.

Fraudsters can use the stolen data to buy products online, register fake user accounts on online resources, and sell personal information on the dark web. In addition to handing over their data, users may be asked to pay a tax or make a test payment to receive the prize.

Fraud Scale: Geography and Victims

According to Group-IB DRP analysts, this type of scam has been found in 91 countries, with cybercriminals exploiting at least 121 brands. Based on the country of origin of the affected brands, the target regions for fraud are Europe (36.3%), Africa (24.2%), and Asia (23.1%). In the Middle East alone, cybercriminals have abused nine brands from Bahrain, Qatar, Oman, Kuwait and the United Arab Emirates. Globally, the operators of this scheme show a particular preference for the brands of major telecommunications companies, which account for more than 50% of the total number of brands being abused, followed by e-commerce and retail.

Group-IB analysts have detected at least 60 different fraudulent networks operating TargetLink. On average, each contains over 70 domain names. One of the largest networks in terms of attracted traffic contained more than 50 domain names. Judging by the number of visitors, the potential victim pool of the scammers on this network alone totals 10 million. Group-IB experts estimate the monthly damage at $80 million, based on the number of sites detected, their minimum conversions, and the average monetary loss on fraudulent websites. The Group-IB team was able to analyze where the visitors came from for each particular website hosting malicious content. The main traffic sources of TargetLink operators are India (42.2%), Thailand (7%) and Indonesia (4.4%).

“Only a few years ago, online scams focused on scale. Fraudsters tried to indiscriminately target users so that at least someone would bite,” commented Ashraf Koheil, Director of Middle East and Africa Business Development at Group-IB. “Over time, as fraud awareness increased, fewer and fewer people fell prey to such plans, making it much harder for cybercriminals to make money. They have begun to look for new ways to meet their financial ambitions. This has caused the fraud and variety of various fraud plans we are observing today.” The various scams observed around the world today are detailed in the annual Hi-Tech Crime Trends 2021/2022 report, “Scams and Phishing”.

