Group-IB, a global threat hunting and adversary-centric cyber intelligence company, recently revealed a large-scale, ongoing scam targeting the Middle East and Africa (MEA) region.
Nearly 140 well-known brands from 16 countries across the region have bee leveraged by scammers in fraudulent schemes designed to steal user personal and payment data. Additionally, at least eight of the brands exploited in this multi-stage scam were affiliated with Egypt.
The findings, uncovered using Group IB’s AI-driven digital risk identification and mitigation platform Digital Risk Protection, were released during the company’s Digital Risk Summit 2021, held online last week.
Participants included the United Nations International Computing Centre (UNICC), global market research and advisory firm Forrester, and independent website watchdog service Scamadviser. During the event Group-IB analysts also revealed Egypt to be one of the top five countries targeted by the rolling multi-stage scam.
As part of the scam, fake web pages are created by scammers. A typical victim receives a link to these via social media channels or messenger services, or sees them advertised on search engines.
The link invites the victim to participate in a prize draw, or a promotional offer, or a survey associated with a well-known brand or celebrity. The landing page contains an online form designed to extract the victim’s key personal details, and once filled in, the victim is declared a winner and instructed to share the link with their contacts.
This expands the scam surface, while the victim is redirected to other scam resources, including new giveaways, phishing websites, or websites that infect devices with malware. The total monthly audience of web resources used as a final stage of this scam totalled almost 500,000.
The majority of brands exploited through this multi-stage scam, that is 34.8%, fell under the umbrella of the telecommunications industry, whilst 10.4% fell under public services, and 9.6% fell under retail.
Other affected industries include entertainment, food-and-beverage, automotive, electronics, oil-and-gas, and banking and insurance. Group-IB analysts also detected over 4,300 scam web pages registered using legitimate blog-publishing services this year alone, 160 of which were scam pages exploiting Egyptian brands.
The pandemic sent businesses around the world online, with 40% of all sales now conducted through social media. This has translated into unprecedented growth, but it has also multiplied the threat surface.
In total, fraud accounts for 73% of all online attacks, whilst 56% are scams, which lure victims into voluntarily revealing sensitive data. A total of 17% are phishing attacks, which result in the theft of bank card details.
“It’s not enough for organisations to employ a simple monitoring approach and blocking individual links, not with online fraud escalating at its current rate,” said Ashraf Koheil, MEA Director of Business Development at Group-IB, “Prevention tools should capably and efficiently detect the entire infrastructure mounted by a scammer, and identify each of the elements involved.”
Koheil added, “This is where a scam actor-centric approach, such as the one adopted by Group-IB, comes in, as it automates the monitoring process and renders it more sophisticated and more scalable.”
Group-IB, which has recently opened the doors on its first Threat Intelligence and Research Center in the MEA region, added that scam and phishing incidents detected by the company in the Middle East grew 27.5% in 2020, compared to the year before.
It also presented analysis from several other fraudulent schemes discovered using its patented scammer tracking technology Scam Intelligence. In under a year, the system has saved nearly $443m in potential damages for companies in the Asia-Pacific region, Russia, Europe, and the Middle East.
Group-IB is a Singapore-based provider of solutions aimed at detection and prevention of cyberattacks and online fraud.
The company also specialises in high-profile cyber investigations and digital risk protection.