Group-IB, a global cybersecurity leader headquartered in Singapore, has published Digital Risk Trends, a comprehensive analysis of the world’s two most common cyber threats: scams and phishing.
The average number of scam resources created per brand, defined as the number of instances in which a brand’s image and logo was appropriated for use in scam campaigns, across all regions and industries more than doubled year-on-year in 2022, up 162%. In the Asia-Pacific (APAC) region, the rise was even more significant, with this number soaring by 211% compared to 2021.
Additionally, the number of phishing websites detected by Group-IB’s Digital Risk Protection in 2022 was more than three times higher than in 2021. These findings build upon the 2022 Global State of Scams Report, published by the Global Anti Scam Alliance and ScamAdviser in collaboration with Group-IB, which revealed that scams caused over $55 billion in damages. The so-called scamdemic shows no signs of slowing down.
Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes.
For example, in the notable Classiscam scam-as-a-service scheme, more than 80% of operations are now automated. Social media is often the first point of contact between scammers and victims, and this was apparent in the APAC region last year as Group-IB analysts found that 58% of scam resources targeting companies in seven core economic sectors were created on social media.
To conduct this research, Group-IB experts leveraged the neural networks and machine-learning algorithms incorporated into the company’s proprietary Digital Risk Protection platform. By continuously and automatically monitoring millions of online resources, Digital Risk Protection provides brands with 360-degree coverage against external digital risks to their intellectual property and brand identity.
Group-IB separates the concepts of phishing and scam, given the fact that these cyber threats have different outcomes and, most importantly, fall under different legal rules when it comes to incident response. Phishing is a generally recognized violation that results in the theft of personal information, such as account credentials or bank card data.
Cybercriminals consider an attack to be successful when they receive such data. Scams refer to any attempt by a cybercriminal to deceive a victim into voluntarily handing over money or sensitive information.
According to Group-IB, scams accounted for 57% of all financially-motivated cybercrime in 2021 outpacing phishing, ransomware, malware, and DDoS. As shown in the Digital Risk Trends report, the average number of scam resources per brand globally in 2022 more than doubled when compared to 2021.
In the Asia-Pacific region, the average number of scam resources per brand increased 211% year-on-year, the highest of any global region. Over the past year, scammers have increasingly turned to social media to launch their campaigns.
In the APAC region, 76% of scam resources targeting companies in seven core sectors (financial institutions, banks, telecommunications and media, oil and gas, aviation, insurance, manufacturing) were found to originate from social media, as observed by Group-IB. One recent example of this in the APAC region includes the discovery of 600 hijacked Instagram accounts used to spread phishing links to Indonesian victims.
Figure 1. Headline scam and phishing data from Digital Risk Trends
Globally, scammers’ interest in the financial sector skyrocketed dramatically, as the average number of scam resources created per financial brand increased year-on-year by 186% in 2022. Similar growth was observed in the oil and gas sector (112%) and the manufacturing industry (55%).
In total, Group-IB detected 304% more scam resources that utilized the name and likeness of legitimate brands in 2022 compared to the preceding year. The financial sector was the most targeted industry, as 74.2% of intellectual property violations, such as the illegal use of trademarks, misrepresentation of brand partnerships, scam advertising, fake social media and messenger accounts, and fake brand applications targeted companies from this vertical. Other majorly hit sectors were lotteries (12.0%), oil and gas (5.3%) and retail (3.2%). In addition, finance and social media were the two most commonly phished industries.
“Scam campaigns are not just affecting more brands each year as the impact that each individual brand faces is growing larger as well. Scammers are using a vast amount of domains and social media accounts to not only reach a greater number of potential victims, but also evade counteraction. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cybercriminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future,” Afiq Sasman, Head of the Digital Risk Protection Analytics Team in the Asia Pacific, Group-IB, said.