Researchers discovered a sophisticated phishing attack that costs millions of people across the world around $80 million per month.
The campaign, according to security firm Group-IB, targets consumers in over 90 countries, including the United States, Canada, South Korea, and Italy. It sends out fraudulent surveys and giveaways from well-known companies in order to acquire their personal and financial information.
According to the firm, a single network targets over 10 million victims and 120 brands.
“Fraudsters trap their victims by distributing invitations to partake in the survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For ‘lead generation,’ the threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications,” Group-IB explained.
“To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cyber-criminals to display different content to different users, based on certain user parameters.”
While the victim is being sent to this 'branded survey,' information about their experience is being gathered and used to personalise a final harmful link that can only be opened once, making it more difficult to identify and shut down the scam.
Group-IB noted, “At the final stage, the user is asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data, which is allegedly needed to receive the prize. The data required usually includes the full name, email, postal address, phone number, bank card data, including expiration date and CVV.”
Dmitriy Tiunkin, the vendor's head of digital risk protection in Europe, called the current situation a "scamdemic."
The firm discovered 60 separate networks, each with over 70 domain names, running similar targeted links.
