Security experts from Group-IB disclosed a new global cyberespionage phishing campaign targeting users in over 90 countries, including the U.S., Canada, South Korea, and Italy. It stated that that the campaign mimicked more than 120 global organizations.
The scammers leveraged various tactics like fake surveys and brand impersonation to harvest users’ personal and financial information.
Fake Surveys for Lead Generation
Attackers tricked victims by sending fake invitations to participate in a survey, citing that the user would get a prize. The survey link diverted the victim to a hacker-controlled phishing page that captured users’ sensitive data such as full name, email, postal address, phone number, bank card data, expiration date, and CVV.
Group-IB found that fraudsters leveraged various digital marketing tools like contextual advertising, legal and completely rogue sites, SMS, mailouts, and pop-up notifications to lure the victims. “To attract users to the final scam websites, scammers register look-alike domain names to the official ones. They were also seen adding links to the calendar and posts on social networks less frequently. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cybercriminals to display different content to different users, based on certain user parameters,” Group-IB said.
Over 10 million people were reportedly affected by this scam, with estimated damage totaling about $80 million per month.
According to Group-IB’s analysis, the most affected countries in this campaign include Europe (36.3%), Africa (24.2%), and Asia (23.1%). The majority of brands targeted in the campaign belong to the U.S.(20), Canada (9), South Korea (7), Italy (5), Serbia (5), and Singapore (5). Besides, Group-IB detected over 60 different scam networks that operate targeted links containing around 70 domain names.
“Just a couple of years ago, online scams were focused on the scale: by indiscriminately targeting users, fraudsters tried to ensure that at least someone would take the bite. Over time, as scam awareness was growing, fewer and fewer people fell prey to such schemes, which made it much more difficult for cybercriminals to make money. They started to explore new ways that would meet their financial ambitions. This triggered the scamdemic and the diversity of various fraudulent schemes that we observe today,” said Dmitriy Tiunkin, Group-IB Head of Digital Risk Protection, Europe.