Group-IB is a Singapore-based global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes.
It recently revealed an ongoing large-scale scam campaign, exploiting popular brands, and targeting the MEA region.
It said that nearly 140 famous brands from at least 16 Arabic-speaking countries including Egypt, Saudi Arabia, and the UAE, were exploited by scammers who created fake pages with giveaways or prize draws, purported to be launched by well-known organizations, to steal user personal information and payment data.
The majority of brands exploited in the scheme (34.8%) belong to the telecommunications industry, while 10.4% account for public service and 9.6% for retail. Other industries that are affected by the scheme include entertainment, fast food, automotive, electronics, oil and gas sectors, and banking and insurance.
In total, according to Group-IB estimates, fraud accounts for 73% of all online attacks: 56% are scams and 17% are phishing attacks. In the Middle East, these violations detected by the company in 2020 grew by 27.5% compared to the previous year.
“The scam market is turning into the fastest-growing economy in the world. Each year, the number of cybercriminals, scams, as well as damage caused by them, skyrockets,” says Group-IB Middle East and Africa Director of Business Development Ashraf Koheil.
“If you have a well-known brand whether it be a bank, scammers’ long-time favorite, a consumer goods company, or a service provider, it’s just a matter of time before you catch the attention of scammers.”
In an exclusive interview with Ashraf, AMEinfo sought to dig deeper into these scams and identify a simple roadmap to avoid falling prey to online predators.
Group-IB’s top three scams in the region
Ashraf explained that using its automated Digital Risk Protection analysis tools, Group-IB looks at early detection of scams exploiting famous companies’ brands aimed at regular individuals, as big names have always been effective for scammers in luring the victims.
“Our general approach to all types of cybercrime is that upon identification, we do further analysis and seek to hold the perpetrators accountable, otherwise, they are likely to come back again and again,” Ashraf explained.
Group-IB services some of the most trusted brands in the region, in sectors like banking and finance, insurance, oil, and telcos.
Ashraf indicated that there were 3 obvious trends when it came to scams in the region.
1- Social engineering is becoming very intense (deception to manipulate individuals into divulging information for fraudulent purposes)
2- The use of third-party blogging services to avoid traditional detection (blogging services that allow you to create fake blog pages and content)
3- Use of big social events (scammers quickly seize the opportunity feeding on the COVID-19 panic and fears)
“We have recently seen a spike during the holy month of Ramadan when most companies spend advertising money and generate lots of social media traffic and it’s where scammers like to hide and use these techniques,” Ashraf explained.
3 themes for B2C attacks
1- Prize/cash scams
Typical victims receive a link from friends, through social media, or come across an ad in search engines, inviting them to participate in a prize draw, promotional offer, or survey conducted by a big name or a celebrity.
Attracted by a promise to get a prize or cash reward, the victims follow a link and find themselves on a page with a survey or an online slot machine branded as a well-known company.
“The users are asked to complete a survey or fill out an online form and enter their name, city of residence, phone number, information about their education, etc. Regardless of the users’ answers, they become a winner, after which they’re asked to share the link to the survey/giveaway with up to 20 contacts on WhatsApp messenger,” Ashraf detailed.
After the victims expand the scam surface, they are redirected to other scam resources like new giveaways or a website on which the users can infect their device with malware.
As a result of such attacks, brands risk losing their customers and breaching their trust.
Ashraf said that, typically, banks run seasonal campaigns during which they provide certain discounts, cashback, or other offers on bank services.
“Scammers would design a very lookalike localized advertising campaign, and it prompts would-be victims to click on the offer and provide personally identifiable information like a telephone or account number,” explained Ashraf.
“Next, scammers ask the victims to share the ‘great news’ on social media.”
He said these lookalike campaigns usually start within 48-72 hours following a genuine promotion.
“Someone out there is observing what the big brands are spending on or promoting.”
Armed with this fact, one would think that companies behind the genuine campaigns would be incentivized to inform or warn users to check for fraudulent messages by encouraging them to closely inspect the message and the IP behind it.
“The pushback we get from many of the companies we advise to add a disclaimer showing the correct email or message from the proper domain is a result of their not wishing to scare their clients with disclaimers. Maybe a good idea is for the security teams to review the advertising campaigns with relevant departments,” Ashraf recommended.
3- Seasonal and job scams
Companies like telcos engage in promotions for summer or back-to-school seasons where one expects to win a phone, cumulative points, and so forth.
One can also expect airlines to turn up the volume on offers for summer or even winter holidays.
“Scammers know it’s that time of the year to go on holidays, develop a clear idea of which countries are open, and so they get their logos ready for impersonation, start baiting victims to click here and there for a ticket or discount towards a vacation in some hotel resort, and so on,” Ashraf said.
And jobs are a favorite for phishing scams.
“Scammers are looking at the frequency of CVs posted targeting highly sought-after sectors and jobs, and as soon as they see vacancies being promoted, they start designing deceptive adverts,” Ashraf explained.
“You’ll see a fake oil company saying you’ve been accepted for pre-screening, and they’ll ask for a phone number or deposits for management processing fees. They are getting more and more automated, targeted and sophisticated.”
Common B2B scam themes for the region
Ashraf said that Group-IB is seeing fake adverts related to facilitating business emigration to reputable countries, indicating that it works for both B2C and B2B, where scammers would announce being a reputable law firm that can help set up an office in a foreign country or provide emigration services at great speeds and low costs.
“But supply chain scams represent the majority of all B2B fraud attempts. They involve sending an email to suppliers saying that they have an overdue bill to a vendor and to please pay and transfer that amount,” Ashraf described.
“The emails come with a lookalike domain that includes an extra letter added to it that users would not notice easily and asks to update payment details.”
Ashraf indicated that scammers time their schemes at specific periods like the end of a billing cycle or a fiscal year, to make it more believable.
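An accounts-payable team can screen for the lookalike-domain pattern described above before acting on a payment-detail change. The following is an added example, not part of the interview or any Group-IB tooling: it compares a sender's domain against an allowlist of known supplier domains and flags any that are one character away, covering the extra-letter case from the text plus dropped, swapped and substituted letters. The supplier domains and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist of supplier domains (hypothetical values).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "gulfparts.example"}

def sender_domain(from_header):
    """Return the lowercased domain of a From header, or '' if none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def single_edit(known, cand):
    """Name the one-character edit that turns known into cand, else None."""
    if known == cand or abs(len(known) - len(cand)) > 1:
        return None
    i = 0  # index of the first differing character
    while i < min(len(known), len(cand)) and known[i] == cand[i]:
        i += 1
    if len(cand) == len(known) + 1:   # the "extra letter" case
        return "insertion" if known[i:] == cand[i + 1:] else None
    if len(cand) + 1 == len(known):
        return "deletion" if known[i + 1:] == cand[i:] else None
    if known[i + 1:] == cand[i + 1:]:
        return "substitution"
    if known[i:i + 2] == cand[i:i + 2][::-1] and known[i + 2:] == cand[i + 2:]:
        return "transposition"
    return None

def classify_sender(from_header, known=KNOWN_VENDOR_DOMAINS):
    """Return (verdict, matched_vendor_domain, edit_kind) for a From header."""
    dom = sender_domain(from_header)
    if dom in known:
        return ("trusted", dom, None)
    for vendor in sorted(known):
        kind = single_edit(vendor, dom)
        if kind:
            return ("lookalike", vendor, kind)
    return ("unknown", None, None)

if __name__ == "__main__":
    # Constructed sample headers.
    for hdr in ("Accounts <billing@acme-supplies.example>",
                "Accounts <billing@acme-suppliess.example>",
                "Sales <sales@gulfpatrs.example>"):
        print(hdr, "->", classify_sender(hdr))
```

A "trusted" verdict only means the domain string matches the allowlist; it says nothing about whether the header itself was spoofed, so payment changes still need confirmation through a known contact.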
Avoiding the traps
If you are ever a victim, Ashraf said that the first thing to do is to warn others about what happened.
“Raise your hand. Flag it to the boss or authorities. Security is about zero dwelling time. Not disclosing is much worse than revealing what happened,” Ashraf said.
But Ashraf also said that there are ways to stay safe and the easiest of these is to be vigilant about the message source and its content.
“See if it’s coming from a real domain. Take the time to do your own research online and check reviews. You might just come across the legitimate website of the company that the scammers are impersonating. Look at the language which is not very professionally written and usually contains many exclamation marks, upper and lower cases, and some of the messages come in rapid succession with the words ‘Urgent’ or ‘Reminder’ in them,” Ashraf said.
“Also, awareness is very much part of it. You need a security culture in the country or company where you live or work. Security is not someone else’s problem. It’s everyone’s problem. Mechanisms need to be visible and sponsored at the C-level and there need to be fire drills to make sure everyone is ready and up to date. Cybersecurity needs to be a water-cooler conversation today.”
Finally, Ashraf advises people to think twice before submitting their personal or payment details. Scammers get very creative. They develop complicated multi-stage schemes. They begin by approaching cautiously and collecting only one piece of information, for example. Only later do they drop a personalized SMS or contact the potential victim by phone.
“Customers who have experienced brand abuse online are unlikely to return. A simple approach involving monitoring and blocking is no longer enough. Many institutions monitor only separate brand infringements, such as phishing pages and domains, but overlook other elements of multi-stage scam infrastructure,” Ashraf said.
“To obtain a comprehensive picture of all brand violations, companies should use advanced digital risk protection solutions that promptly eliminate brand infringements online,” he concluded.