A recent report from Group-IB finds that scams are continuing to become the preferred form of cybercrime across the world, representing over half of these incidents in 2021 and over triple the amount of phishing incidents recorded.
This continues a trend observed in the 2020 report in which cybercrime outfits are increasingly shifting to highly structured and advanced fraud operations, with “scam-as-a-service” models that reflect the similar offerings for other attack types such as ransomware and distributed denial of service (DDoS).
Fraud increasingly popular in cybercrime, holidays are heavily targeted
The security firm draws information for this annual cybercrime report from its risk management and protection platform. 2021 saw 57% of victims report scams, a slight increase of 1% from 2020. 18% of these threats were phishing attacks, and 25% fell into the “other” category of general malware (with these numbers also remaining roughly the same as the 2020 tallies).
Group-IB notes a trend of these scam groups growing in both size and complexity. There are also many more of them than ever before. The total amount of cybercrime outfits running scams jumped to 390, the highest annual number on record and a 3.5x increase from the 2020 amount. The average number of members of these groups also jumped from 10 to 100 in just a year, and 1.5x more scam websites have been observed.
Cybercrime groups are also increasing in sophistication and structure as they scale up, forming hierarchies and dividing labor in systems similar to those of legitimate businesses. They are also doing more research and being more specific in their targeting of organizations with substantial resources that have observable weaknesses that can be exploited; unfocused scams, such as cold calling unknown parties, appear to be very much on the wane. Criminals are seeking scams that have high conversion rates, and they often start by scoping out potential victims on social media sites (such as LinkedIn). The switch to precise targeting is also supported by the increase in use of personalized one-time URLs that make use of content personalization techniques drawn from information taken from the target’s web browser.
Part of the growth in scam outfits has to do with the formation of “scam as a service” platforms. These outfits generally have some sort of standard scam template that they run, with clients outsourcing elements of labor to the cybercrime group such as the creation of phishing emails and pages. One of the biggest of these, Classiscam, started in Russia but recruited speakers of foreign languages to expand to at least 12 countries. The group’s standard attack is to post advertisements for fake products on online marketplaces. These groups are not raking in the massive dollars that ransomware outfits are, but the biggest are reportedly making in the range of half a million dollars a month with a much lower risk profile and much less attention from international law enforcement.
Scams that impersonate known brands are particularly popular, and particularly prevalent in certain regions. The Middle East saw a spike of 150% of these scams in 2021, and both Europe and the Asia Pacific regions saw spikes of over 80%. Cybercrime outfits show a preference for impersonating big tech’s biggest names, particularly Facebook and Microsoft. Similarly, they like to pretend to be finance organizations and go after the biggest of those as well: PayPal, Chase Bank and Wells Fargo being the leading examples.
The study also indicates that scamsters do not need to tiptoe around on social media platforms; these sites are “insufficiently moderated” and allow for a good degree of latitude. 48.15% of 2021’s scams began with an active dialogue with the victim, most often taking place on a social media site. Social media ads and posts were the leading growth areas for cybercrime of this sort, followed by email and instant messages.
Scams not projected to slow down
The total amount of scams nearly doubled in 2021, going from 139 million to 266 million. Researchers see that number continuing to jump year-over-year in the near future, primarily due to the rollout of the Metaverse along with crypto assets and NFTs. Group-IB also sees the amount of deepfakes and voicefakes in cybercrime increasing; voicefakes are already becoming popular as a component of business email compromise attacks, most often used to impersonate an executive who has the authority to order that payments be issued. Metaverse scams are already beginning to proliferate, with everything from games that are essentially gambling (and tilted badly against the player or involving outright cheating), to hacking of VR headsets to perform a similar eavesdropping function as keyloggers.
Scams also tend to spike on holidays, and during special events. Black Friday and the Christmas shopping period remain the most active period for cybercrime, and scammers are increasingly quick to capitalize on unique opportunities like Covid-19 payment programs.
