Threat Actors Steal $ 80 Million Per Month With Fake Giveaways, Surveys



It is estimated that scammers made $ 80 million per month masquerading as popular brands asking people to participate in bogus surveys or giveaways.

Researchers warn of this new trend of global fraud schemes involving targeted links to make investigations and withdrawals increasingly difficult.

According to current estimates, these massive campaigns resulted in an estimated $ 80,000,000 per month, stolen from 10 million people in 91 countries.

Scam themes are typical and “trustworthy” fake surveys and popular branded gifts, with the holiday season making targets more susceptible to fraudulent gift offers.

A global operation

According to a Group-IB report, there are currently 60 known scam networks that use targeted links in their campaigns, impersonating 121 brands in fake giveaways.

Each network uses an average of 70 different internet domain names in their campaigns, but some have great success with fewer domains, indicating that quality trumps quantity when it comes to scams.

“For each specific website hosting fraudulent content, Group-IB researchers were able to analyze where the visitors were coming from.”

“The main sources of traffic for targeted link operators are India (42.2%), Thailand (7%), and Indonesia (4.4%), among others.”

Scam Campaign Statistics
Scam Campaign Statistics
Source: Groupe-IB

However, Group-IB told BleepingComputer that more domains don’t always equate to more traffic for a campaign.

“The largest network detected in terms of the number of domain names included 232 domain names, according to the findings of Group-IB’s DRP team. Not all websites may remain active. So many domains are created to allow traffic to be redirected to an associated resource in the shortest possible time if an active resource is blocked, this way scammers keep their scam running.

However, very often having a large number of domain names on the network does not mean that this network is the most visited. Group-IB, for example, registered a resource network containing 51 domain names with targeted links but was one of the largest networks in terms of attracted traffic.

Judging by the number of visitors, nearly 10 million people can be scammed per month on the above-mentioned network alone, while the traffic attracted to the larger network in terms of the number of names of area was about 2 times less. “- Groupe-IB.

Information entry redirects

Scammers target their victims through pop-up ads, ads on legal and completely malicious sites, social media posts, forum posts, text messages, mailouts, and pop-up notifications.

The goal is to direct them all to fraudulent sites which are clones of the official sites of the spoofed brands.

While Group-IB has not shared a list of brands targeted by these campaigns, BleepingComputer has seen bogus surveys and giveaways masquerading as Google, Target, Amazon, Microsoft, Apple, and Samsung in the past.

Clicking on the first URL triggers a long series of redirects, during which the actors collect information about the potential victim, like their language, IP, browser, location, etc.

This process is essential to deliver a page that matches the demographic and potential interests of each victim.

Targeted Link Redirection Scheme
Targeted Link Redirection Scheme
Source: Groupe-IB

At the same time, this process severely hampers the investigation and removal of these scam sites, especially when the scam networks are so large and use many sites.

In most cases, the victim will be presented with a winning opportunity that is just steps away from being delivered on the spot.

Scam message offering a smartphone for free
Scam message offering a smartphone for free
Source: Groupe-IB

In this last step, the actors ask for complete personal information, bank card data (including expiration date and CVV) and sometimes even ask victims to make a small “test payment” to verify themselves. saying.

This information is then used for fraudulent online purchases, the registration of fake accounts and the presumption of counterfeit identities. In most cases, they are sold to multiple players on the dark web.

How to report a scam

Nowadays, big brands offer Christmas gifts and also run giveaways or surveys with prizes, which is precisely what the crooks are looking to exploit.

To ensure the legitimacy of a giveaway, check the email account and confirm that the website address is an official brand domain.

If a brand is launching a campaign, it should be easy to find a relevant post on their official social media, and even there be sure to check verified accounts.

Finally, verify the domain on the giveaway page you landed on and confirm that it belongs to the claimed brand.

Under no circumstances will a winner have to communicate their bank details or any other personal data apart from their name and postal address.


Previous Stay interviews - a necessity for employee retention
Next ESCO Technologies Inc. - Consensus Says Potential Rise of 33.2%