Group-IB has uncovered a worldwide scam campaign targeting users in more than 90 countries all around the world, including Singapore, Malaysia, and Australia.
The fraudsters employ the tried and tested technique with fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120.
The new wave of the scam is particularly persistent thanks to an innovation in the scammers toolset targeted links, which makes investigating and tackling such attacks increasingly challenging.
The potential victim pool of a single scam network is estimated at about10 million people, while the potential damage totalled about $80 million per month, according to Group-IB’s Digital Risk Protection unit.
Personal customer service
According to Group-IB, fraudsters trap their victims by distributing invitations to partake in a survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For lead generation, the threat actors use all possible legitimate digital marketing means, such as contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications. To attract users to the final scam websites, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After…