Today, social media scams continue to cause problems for consumers and businesses. While businesses recognize the need to leverage social media as a sales tool and connect with customers, the issues that come with it can be too overwhelming for them.
Over the years, social media scams have proliferated, with victims losing more than money. Indeed, the researchers of the -IB Group observe that the scam industry is structured and involves more and more actors divided into hierarchical groups. The number of such groups jumped to a record high of 390, 3.5 times more than last year when the maximum number of active groups was close to 110.
With the rise of SaaS (Scam-as-a-Service) in 2021, the number of cybercriminals in a scam gang has increased 10 times compared to 2020 and now reaches 100. Group-IB researchers point out that the number of websites used to buy and provide “grey” and illegal traffic and which lure victims into fraudulent schemes has increased by 1.5 times.
As the number of social media users and unique mobile phone users increases, it has reached 4.62 billion. In the Asia-Pacific region, according to the findings of the Group-IB Digital Risk Protection team, social media has become the number one channel for the distribution of scams – 75.4% of all scams analyzed by Group- IB have been observed in social media. Instagram has proven to be the favorite platform for scammers in APAC.
In 2022, scammers are moving to a new level of automating fraudulent attacks. These social media scams focus less on untargeted users and now attract specific groups of victims to increase conversion rates. And this is becoming a big problem, especially with social media increasingly becoming the first point of contact between scammers and their potential victims.
Group-IB’s findings show that despite the growing number of Internet users falling victim to cybercrime every day, fraudsters prefer good old techniques such as phishing (18%), scams and fraud (57%), infections by malware and reputational damage (25%). The number of scam resources impersonating a brand created per month has also increased. In the Middle East, Asia-Pacific and Europe, Group-IB analysts noted an increase of 150%, 83% and 89% respectively.
“A strong trend we saw in 2021 was the merging of no-frills crooks into groups controlled by highly technically skilled bad guys,” says Ilia Rozhnov, head of digital risk protection team in APAC at Group -IB.
Rozhnov added that SaaS has helped build not only the appetite of fraudsters, but also the industry itself. In 2021, Group-IB’s DRP system tracked 350 groups, reaching up to 390 scam groups at peak times. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, Rozhnov said their infrastructure has grown proportionately, with the average number of fraudulent links per group being between 2,000 and 3,000.
Scams beyond social media
Group-IB reported that the number of websites used to buy and deliver “grey” and illegal traffic increased 1.5 times. The crooks refused to create and maintain their own resources. Their task was only to attract traffic to third-party resources owned by other scammers for a fee when the theft of money was successful.
“Scammers are now focusing on targeted traffic. In the past, their schemes targeted misfit users who were taken to a fraudulent resource, but since 2021, the strategy has changed drastically. Scammers now attract specific groups of victims to increase conversion rates. The only “grey” and illegal traffic sales platform earns an average of $2,758 per week from an offer to sell illegal traffic,” Rozhnov added.
Interestingly, the statistics of gray and illegal traffic on one platform, which was taken as an example by DRP analysts from Group-IB, showed that India, the United States and Vietnam are the main countries where the platform is distributed.
At the same time, Group-IB experts noted a strong trend towards the use of improved URL targeting. Vanity URLs typically include not only a timestamp and hash, but also geolocation information, operating system version, browser type, and ISP name. There was also no weak content personalization. Fraudsters used enhanced content personalization with auto-populated web forms on a page containing a user’s personal data, extracted from browser cookies.
For Jorij Abraham, General Manager at Global Anti-Scam Alliance & Scamadviser, the scammers were quickly becoming more professional, and the number of reported scams had increased from 139 to 266 million (93%).
“The number of cybercrimes is increasing every year. We need to stay one step ahead of the scammers. To do this, anyone involved in the cybersecurity market must share their knowledge and data. Only then can we win. With the emergence of more data and new technologies such as deepfakes, scams have become very difficult to identify,” Abraham commented.
As social media scams are on the rise, so has the hype in the global public space for metaverses. Group-IB DRP analysts expect the number of scams in metaverses to increase in the future as well. The same situation also applies to cryptocurrencies and NFTs, where scams are already very popular.