Researchers have uncovered a sophisticated phishing campaign estimated to cost millions of global victims around $80m per month.
Security vendor Group-IB claimed the campaign targets users in over 90 countries, including the US, Canada, South Korea and Italy. It offers fake surveys and giveaways from popular brands, designed to steal their personal and financial data.
The firm said that a single network targets around 10 million victims and 120 brands.
“Fraudsters trap their victims by distributing invitations to partake in survey, after which the user would allegedly get a prize. Each such offer contains a link leading to the survey website. For ‘lead generation,’ the threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailouts, and pop-up notifications,” Group-IB explained.
“To build trust with their victims, scammers register look-alike domain names to the official ones. Less frequently, they were also seen adding links to the calendar and posts on social networks. After clicking the targeted link, a user gets in the so-called traffic cloaking, which enables cyber-criminals to display different content to different users, based on certain user parameters.”
While the victim is being redirected to this ’branded survey,’ information about their session is recorded and used to customize a final malicious link that can only be opened once – complicating efforts to detect and take down the scam.
“At the final stage, the user is asked to answer questions to receive a prize from a well-known brand and to fill out a form asking for their personal data, which is allegedly needed to receive the prize,” Group-IB noted.
“The data required usually includes the full name, email, postal address, phone number, bank card data, including expiration date and CVV.”
The vendor’s head of digital risk protection in Europe, Dmitriy Tiunkin, described the current landscape as a “scamdemic.”
The firm found 60 different networks operating similar targeted links, each containing over 70 domain names.