Targeted Links Used to Steal Tens of Millions in Global Scam Campaign

By impersonating 121 brands, scammers managed to defraud users in over 90 countries of an estimated $80 million per month, Singapore-based threat hunting and intelligence firm Group-IB reveals.

As part of the scheme, the fraudsters lured victims with fake surveys and giveaways supposedly from popular brands, which were in fact designed to help the miscreants steal victims’ personal information and credit card data.

The scammers are believed to have targeted tens of millions of individuals in a total of 91 countries, including the United States, Canada, South Korea, and Italy.

To lure their victims, the cybercriminals distributed invitations to partake in a survey, also telling their potential victims that a prize would be offered afterwards. Marketing methods employed in the campaign included advertising on both legitimate and rogue websites, contextual advertising, text and email messages, and pop-up notifications.

Lookalike domains named after legitimate ones were registered to build trust with the victims, and links were often posted on social networks.

“The new wave of the scam is particularly persistent thanks to an innovation in the scammers’ toolset — targeted links, which makes investigating and tackling such attacks increasingly challenging,” Group-IB notes.

By employing so-called traffic cloaking, the cybercriminals were able to display different content to different users, while a long chain of redirects allowed them to gather information about the victim’s session, including browser, IP address, language, location, and more.

Thus, the content on the final page is tailored as closely as possible to the victim’s interests, and the customized link is accessible only once, which makes detection much more difficult and allows the scheme to persist longer.
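Because the final link works only once, a defender usually has to work from the redirect chain as it was recorded rather than from a later re-fetch. The sketch below is an added example, not code from Group-IB or SecurityWeek: it rebuilds per-client redirect chains from web proxy records and flags long chains that cross many hosts. The record layout, the `.example` hosts, and the thresholds are assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, status, url, Location header).
# All hosts are made-up .example names; Location is assumed to be absolute.
SAMPLE_LOG = [
    ("10.0.0.5", 302, "http://ads.example/click?id=1", "http://hop1.example/r?u=abc"),
    ("10.0.0.5", 302, "http://hop1.example/r?u=abc", "http://hop2.example/g?lang=en"),
    ("10.0.0.5", 302, "http://hop2.example/g?lang=en", "http://hop3.example/t?k=9f"),
    ("10.0.0.5", 302, "http://hop3.example/t?k=9f", "http://brand-prize.example/s/9f"),
    ("10.0.0.5", 200, "http://brand-prize.example/s/9f", None),
    ("10.0.0.7", 301, "http://shop.example/", "https://shop.example/"),
    ("10.0.0.7", 200, "https://shop.example/", None),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def build_chains(records):
    """Link each redirect to the request for its Location, per client."""
    chains, pending = [], {}
    for client, status, url, location in records:
        # Continue a chain if this URL is where an earlier redirect pointed.
        chain = pending.pop((client, url), [])
        chain.append(url)
        if status in REDIRECT_CODES and location:
            pending[(client, location)] = chain
        else:
            chains.append((client, chain))  # non-redirect response ends the chain
    return chains


def flag_chains(records, min_hops=3, min_hosts=3):
    """Return chains with at least min_hops redirects over at least min_hosts hosts."""
    flagged = []
    for client, chain in build_chains(records):
        hosts = {urlsplit(u).hostname for u in chain}
        hops = len(chain) - 1
        if hops >= min_hops and len(hosts) >= min_hosts:
            flagged.append({"client": client, "hops": hops,
                            "hosts": len(hosts), "landing": chain[-1]})
    return flagged


if __name__ == "__main__":
    for hit in flag_chains(SAMPLE_LOG):
        print(hit)
```

An ordinary HTTP-to-HTTPS upgrade stays on one host and is not flagged; the thresholds need tuning against an environment's normal ad and SSO redirects.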

Once they arrive on the final page, the victim is provided with a series of questions to respond to. The victim is also told that, in order to receive a prize, they should provide personal information such as full name, email and physical address, phone number, and credit card data, expiration date and CVV included.

Group-IB says it has identified roughly 60 scam networks operating the targeted links, with each containing more than 70 domain names on average. With over 50 domain names, one of the networks had a potential victim pool of over 10 million people.

The campaign mainly targeted Europe (36.3%), Africa (24.2%), and Asia (23.1%), but India emerged as the main source of traffic for the fraudulent links, accounting for 42.2% of it. Thailand and Indonesia accounted for 7% and 4.4% of the traffic, respectively.

The fraudsters attempted to exploit brands of leading telecommunications companies, with 20 of them located in the United States. Other impersonated brands are from Canada (9), South Korea (7), Italy (5), Serbia (5), and Singapore (5).

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
