According to Group-IB, the number of scam resources created per brand across various regions and industries more than doubled in 2022, showing a significant increase of 162% compared to the previous year. Furthermore, the total number of scam pages detected by Group-IB in 2022 was more than three times higher than in 2021, indicating a surge in scam activity.
Experts at Group-IB have observed a rise in both the number of scams and the number of individuals involved in scam activities. This increase can be attributed to the widespread use of social media platforms for propagating scams and the growing automation of scam processes.
For instance, in the Classiscam scam-as-a-service scheme, over 80% of operations are now automated. Social media serves as the primary point of contact between scammers and their victims, especially in the Middle East and Africa (MEA) region, where 92% of scam campaigns targeting MEA companies in the oil and gas, financial, and banking sectors exploit social media platforms.
In the Asia-Pacific (APAC) region, 58% of scam resources targeting companies in seven key economic sectors utilized social media as a vector, while in Europe, messengers remained the primary mode for scam activities.
Group-IB differentiates between phishing and scams, as these cyber threats have distinct outcomes and fall under different legal frameworks in terms of incident response. Phishing typically involves the theft of personal information, such as account credentials or bank card data, and is considered a recognized violation. On the other hand, scams encompass attempts by cybercriminals to deceive victims into voluntarily providing money or sensitive information.
Group-IB reports that scams accounted for 57% of financially motivated cybercrime in 2021, surpassing phishing, ransomware, malware, and DDoS attacks. The average number of scam resources per brand globally more than doubled in 2022 compared to 2021, with developing countries experiencing notable growth. In the APAC region, the average number of scam resources per brand rose by 211% year-on-year, the highest among all regions.
Over the past year, scammers increasingly exploited social media platforms to launch their campaigns. In APAC, 76% of scams targeting companies in seven core sectors leveraged social media. Notably, Group-IB uncovered 600 hijacked Instagram accounts used to disseminate phishing links to Indonesian victims in the APAC region.
In the MEA region, the average number of scam resources per brand in the oil and gas, financial, and banking sectors increased by 135% year-on-year, with 92% of scam resources being shared on social media. Group-IB researchers have detailed instances where scammers impersonated major companies in the MEA region on social media platforms to target job seekers, soccer fans, and individuals seeking domestic workers.
In Europe, the average number of scam resources per brand in nine verticals experienced a 74% year-on-year increase in 2022. Almost half of the scam resources targeting European users detected by Group-IB were shared on messengers, a larger proportion compared to APAC and MEA.
The financial sector witnessed a dramatic surge in scammers' interest, with the average number of scam resources created per financial brand increasing by 186% in 2022.
Similar growth rates were observed in the oil and gas sector (112%) and the manufacturing industry (55%).
Group-IB identified a 304% increase in scam resources that exploited the name and reputation of legitimate brands in 2022 compared to the previous year. The financial sector was the most targeted industry, with 74.2% of intellectual property violations, such as trademark misuse, fake brand partnerships, scam advertisements, fake social media and messenger accounts, and fraudulent brand applications, affecting companies in this sector.
Other sectors heavily affected by scams include lotteries (12.0%), oil and gas (5.3%), and retail (3.2%). Additionally, the finance and social media industries were the most commonly targeted in phishing attempts.
The increasing automation of previously manual processes has been a major driver of the surge in scam activity, a trend observed throughout the underground economy. This automation allows threat actors to scale their operations more rapidly, while the expanded ecosystem and role distribution provide them with greater safety.
It is anticipated that this trend will continue, as cybercriminals increasingly leverage AI-driven text generators to create more convincing scam and phishing campaigns.
In 2019, Group-IB discovered Classiscam, an affiliate program that operates as a scam-as-a-service and is designed to steal payment and personal data from users on popular classifieds and marketplaces. This scheme has become increasingly automated, enabling threat actors to create phishing sites and arrange payments through e-wallets, all facilitated by Telegram bots.
Classiscam originated in Eastern Europe and later spread globally. To date, Group-IB has identified 1,366 Classiscam groups and obtained detailed statistics for 393 of them. These groups have executed over 486,000 attacks, imitating 251 brands from 79 countries. Group-IB estimates that the financial damage caused by this scam scheme is at least USD 64 million.
Another example of the growing impact of automation in the scam industry is the significant increase in the number of scam resources hosted on the .tk domain. Affiliate programs automatically generate links using this domain zone, accounting for 38.8% of all scam resources examined by Group-IB in the second half of 2022.
In the first half of 2022, Group-IB did not find any scams on the .tk domain. Other free-to-use domains like .gq and .ml also gained popularity in the second half of 2022, comprising 8.0% and 7.8% of scam domains, respectively.