With Bogus Freebies And Surveys, Threat Actors Steal $80 Million Every Month

With Bogus Freebies And Surveys, Threat Actors Steal $80 Million Every Month

Scammers are said to have generated $80 million every month, imitating well-known firms and inviting customers to take part in false surveys or contests. Researchers have warned of a new trend in global fraud schemes employing targeted linkages, making investigation and take-down more difficult. 

As per current estimates, these massive operations resulted in a monthly theft of $80 million from 10 million people in 91 countries. The scam themes are the usual and “trustworthy” bogus surveys and giveaways from well-known firms, with the Christmas season increasing the vulnerability of targets to fraudulent gift offers.

According to a survey by Group-IB, 60 recognized fraud networks are presently using targeted links in their campaigns, mimicking 121 businesses in bogus giveaways. Each network’s operations employ an average of 70 distinct Internet domain names, but some have had remarkable success with fewer, indicating that quality trumps number when it comes to frauds.

“For each specific website that hosts fraudulent content, Group-IB researchers were able to analyze where the visitors came from.”

“The main sources of traffic for targeted links operators are India (42.2%), Thailand (7%), and Indonesia (4.4%), among others.”

However, Group-IB discovered that having more domains does not automatically mean a campaign would get more visitors. The fraudsters use contextual advertising, advertising on legitimate and entirely rogue websites, social media postings, forum posts, SMS, mailouts, and pop-up alerts to target their victims.

The idea is to drive them all to scam sites that are clones of the impersonated brands’ legitimate websites. While Group-IB did not provide a list of firms targeted by these operations, phony surveys and freebies have been detected in the past, imitating Google, Target, Amazon, Microsoft, Apple, and Samsung.

By clicking the first URL, the actors can collect information about the potential victim, such as their language, IP address, browser, and location. This step is necessary to present a page tailored to each victim’s demography and possible interests.

Simultaneously, this procedure makes it difficult to investigate and shut down fake websites, especially when scam networks are huge and employ several sites. In most situations, the victim will be offered a prize-winning chance that is just a few steps away from being delivered to their location. 

At this point, the actors ask for complete personal information, bank card information (with expiration date and CVV), and occasionally even a tiny “test payment” to “validate” the victims. This information is subsequently used to make fraudulent online purchases, create fictitious accounts, and assume false identities. On the dark web, they are usually sold to many actors.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.