Victims Duped to Pay $80 Million Every Month to a Scam Phishing Network

by CISOCONNECT Bureau

Researchers discovered a sophisticated phishing campaign that cost millions of people across the world more than $80 million per month.

The campaign, according to security firm Group-IB, targeted users in over 90 countries, including the United States, Canada, South Korea, and Italy. It sends out fake surveys and giveaways in the name of popular brands in order to steal victims' personal and financial data.

According to the firm, a single network targets over 10 million victims and 120 brands.

Group-IB explained: “Fraudsters trap their victims by distributing invitations to partake in survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For ‘lead generation,’ the threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications.

“To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cyber-criminals to display different content to different users, based on certain user parameters.”

While the victim is being redirected to this ‘branded survey,’ information about their session is being recorded and used to personalise a final malicious link that can only be opened once, making it more difficult to detect and shut down the scam.

Group-IB noted: “At the final stage, the user is asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data, which is allegedly needed to receive the prize.

“The data required usually includes the full name, email, postal address, phone number, bank card data, including expiration date and CVV.”

Dmitriy Tiunkin, the vendor’s head of digital risk protection in Europe, described the current landscape as “scamdemic.”

The firm discovered 60 separate networks operating similar targeted links, each with over 70 domain names.
