Dubai, 21/12/2021: Group-IB, one of the global cybersecurity leaders, has uncovered a worldwide scam campaign targeting users in over 90 countries all around the world, including the UAE, Oman, and Qatar. The fraudsters employ the tried and tested technique with fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120. The new wave of the scam is particularly persistent thanks to an innovation in the scammers’ toolset — targeted links, which makes investigating and tackling such attacks increasingly challenging.
The potential victim pool of a single scam network is estimated at about 10 million people, while the potential damage totaled about $80 million per month, according to Group-IB’s Digital Risk Protection unit.
Personal customer service
Fraudsters trap their victims by distributing invitations to partake in survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For “lead generation,” the threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications. To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar…