Through sophisticated obfuscation techniques, cyber scammers have profited handsomely during the pandemic, according to recent fraud research.

Running alongside the global pandemic is a scamdemic, according to cyber intelligence and threat hunting firm Group-IB’s research.

In a “comprehensive analysis of fraud schemes on a global scale”, the firm announced that fraud accounted for 73% of all online attacks: 56% were scams (deceit resulting in victims voluntarily revealing sensitive data) and 17% were phishing attacks.

In particular, the Asia-Pacific region (APAC) had the highest increase in the number of detected scam- and phishing-related violations last year, according to the firm’s data. Just one fraudulent scheme, such as Classiscam, could involve over 70 scam groups because it was so lucrative. It was established that in less than a year Classiscam threat actors had swindled users out of S$9,140,000.

Tracking fraud with technology

Compared to the previous year, the number of scam- and phishing-related violations detected by Group-IB in APAC in 2020 grew by 88%. In comparison, the figure for Europe was 39%, for the Commonwealth of Independent States 35%, and for the Middle East 27.5%.

Last year, a multi-stage fraud scheme called Rabbit Hole abused at least 100 popular brand names to trick victims with fake lucky draws, promotional offers or surveys, drawing up to 40,000 visits to fraudulent websites per day. As part of the scam, victims were routed through various resources ranging from public platforms (social media, messaging apps, and websites) to hidden web resources, where access was ensured through phishing links created individually for each victim based on their IP address, device model, and user agent.

This elaborate and personalized approach meant that normal web users could not inadvertently visit the phishing resources and cause the scheme to be detected and blocked due to their complaints.

However, Group-IB managed to spot such scams via the use of neural networks and adaptive scoring to automate sophisticated processes that detect and categorize fraud targeted at any company or industry in the world.

This patented ‘digital risk protection’ technology was put to use to analyze threat actor activities worldwide, and categorize the detected fraud schemes. So far, over 100 basic scam schemes and their variants have been detected. For instance, a scheme with fake brand accounts on social media (which is typical for the financial sector) involved on average over 500 fake accounts per bank in 2020. Insurance companies worldwide, on the other hand, suffered from phishing: on average, over 100 phishing websites per insurer were created last year.

Vaccine for the scamdemic?

According to Group-IB data, 47% of Classiscam-related violations occurred on third-level domains, which makes them harder to detect and block. Also, the pandemic has only made fraud activities more urgent and lucrative to cybercriminals.

Said Ilia Rozhnov, the firm’s Head of Digital Risk Protection in APAC: “Today, scams are more than just solitary fraudulent web pages—they come from an entire industry armed with advanced technologies and motivated cybercriminal groups with great financial resources. They choose their targets from various industries—brand recognition is what matters to them—causing financial and reputational damage.”

Organizations that want not only to detect but also to prevent such scams need to understand threat actors’ logic, and also use threat intelligence, automated graph analysis, and real-time monitoring of threat actor infrastructures in order to detect fraudsters’ entire networks and block them, rather than tackling individual links to phishing and scam resources, Rozhnov asserted.