Growing scam activity linked to social media and automation

The average number of scam resources created per brand across all regions and industries more than doubled year-on-year in 2022, up 162%, according to Group-IB.


Additionally, the total number of scam pages detected by Group-IB in 2022 was more than three times higher than in 2021. The so-called scamdemic is spreading rapidly.

Surge in scam activity

Experts at Group-IB noted an increase in both the number of scams and the number of people engaged in scam activity, each driven by the more frequent use of social media to spread scams and the growing automation of scam processes.

For example, in the notable Classiscam scam-as-a-service scheme, more than 80% of operations are now automated. Social media is often the first point of contact between scammers and victims, and nowhere was this more apparent than in the Middle East and Africa (MEA) region.

Group-IB analysts found that 92% of scam campaigns targeting MEA companies in the oil and gas, financial, and banking sectors leveraged social media, proportionally the highest of any global region. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.

Group-IB separates the concepts of phishing and scam, given the fact that these cyber threats have different outcomes and, most importantly, fall under different legal rules when it comes to incident response. Phishing is a generally recognized violation that results in the theft of personal information, such as account credentials or bank card data.

Cybercriminals consider an attack to be successful when they receive such data. Scams refer to any attempt by a cybercriminal to deceive a victim into voluntarily handing over money or sensitive information.

The average number of scam resources per brand in 2022

According to Group-IB, scams accounted for 57% of all financially motivated cybercrime in 2021, outpacing phishing, ransomware, malware, and DDoS.

The average number of scam resources per brand globally in 2022 more than doubled when compared to 2021, and this growth was particularly noticeable in developing countries. In the Asia-Pacific region, the average number of scam resources per brand increased 211% year-on-year, the highest of any global region.

Over the past year, scammers have increasingly turned to social media to launch their campaigns, and in the APAC region, 76% of scams targeting companies in seven core sectors (financial institutions, banks, telecommunications and media, oil and gas, aviation, insurance, manufacturing) seen by Group-IB leveraged social media. One recent example of this in the APAC region includes the discovery of 600 hijacked Instagram accounts used to spread phishing links to Indonesian victims.

In the Middle East and Africa region, the average number of scam resources per brand in the oil and gas, financial, and banking sectors increased 135% year-on-year, with 92% of scam resources being shared on social media (up from 80% in 2021).

Group-IB researchers have previously detailed how scammers have become adept at impersonating some of the MEA region’s largest companies on social media to target job seekers, soccer fans, and individuals looking to source a domestic worker.

In Europe, the average number of scam resources per brand in nine verticals (financial institutions, banks, video games, real estate, manufacturing, healthcare, transport and logistics, aviation) increased year-on-year by 74% in 2022. Almost half of the scam resources targeting European users seen by Group-IB experts were shared on messengers, a greater proportion than in APAC and MEA.

Scammers’ interest in the financial sector skyrocketed

Globally, scammers’ interest in the financial sector skyrocketed, as the average number of scam resources created per financial brand increased year-on-year by 186% in 2022. Similar growth was observed in the oil and gas sector (112%) and the manufacturing industry (55%).

In total, Group-IB detected 304% more scam resources that utilized the name and likeness of legitimate brands in 2022 compared to the preceding year. The financial sector was the most targeted industry, as 74.2% of intellectual property violations, such as the illegal use of trademarks, misrepresentation of brand partnerships, scam advertising, fake social media and messenger accounts, and fake brand applications targeted companies from this vertical.

Other heavily hit sectors were lotteries (12.0%), oil and gas (5.3%) and retail (3.2%). In addition, finance and social media were the two most commonly phished industries.

A major driver of the increase in scam activity, and a growing trend seen throughout the underground economy, is the automation of many previously manual processes that required technical know-how. By automating them, threat actors are able to scale their operations more quickly, while the increasingly large ecosystem and role distribution provide greater safety.

This trend is likely to increase in the future, given that cybercriminals can use AI-driven text generators to craft ever-more convincing copy for their scam and phishing campaigns.

Growing impact of automation in the scam industry

In 2019, the researchers discovered Classiscam, a scam-as-a-service affiliate program designed to steal the payment and personal data of users of popular classifieds and marketplaces. This scheme has become increasingly automated, as threat actors can now create a phishing site and arrange payment through an e-wallet entirely through Telegram bots.

Classiscam initially originated in Eastern Europe, and subsequently spread across the globe. To date, Group-IB has identified 1,366 Classiscam groups and the company has obtained detailed statistics about 393 of them.

The observed groups have carried out more than 486,000 attacks, emulating 251 brands from 79 countries, and Group-IB estimates that the financial damage from this scam scheme is at least USD 64 million.

Another example of the growing impact of automation in the scam industry is the rapid uptick in the number of scam resources hosted on the .tk domain. Affiliate programs automatically generate links on this domain zone, and they accounted for 38.8% of all scam resources examined by Group-IB in the second half of 2022.

In H1 2022, Group-IB found zero scams on the .tk domain. Other free-to-use domains, such as .gq and .ml, also surged in popularity in the second half of 2022, accounting for 8.0% and 7.8% of scam domains, respectively.
