With the holiday season under way, scammers are using their best tactics to phish users, and one such phishing scam, probably the biggest of the year, has come to the notice of researchers.
What is the news?
Security vendor Group-IB discovered a global phishing campaign that defrauded users in over 90 countries to steal tens of millions of dollars.
As part of the scheme, the fraudsters impersonated around 121 popular brands and lured victims with fake surveys and giveaways that promised them free prizes. Instead, these fake offers led to phishing pages that collected the victims' personal information, such as full name, physical address, phone number, credit card data, expiration date, and CVV number.
The researchers said they had identified roughly 60 scam networks that operated similar links, with each containing more than 70 domain names.
For ‘lead generation’, the actors used all possible digital marketing means, including contextual advertising, SMS, mailouts, and pop-up notifications, among others.
The campaign targeted around 10 million victims, with most of them in Europe, Africa, and Asia.
What’s the impact?
With a variety of sensitive information in the wrong hands, fraudsters can use it to buy goods online or register fake user accounts on any resource.
Alternatively, they can simply sell the personal information on the dark web.
Furthermore, a majority of brands used in the scam are leading telecommunications companies, with 20 of them located in the U.S.
The state of brand phishing in 2021
Phishing attacks continued to be one of the top threats in 2021.
In a report from PhishLabs, it was revealed that the first half of the year saw a 22% increase in the volume of such attacks over the same time period last year.
The attack method was primarily used by threat actors to steal credentials, hijack accounts, and compromise organizations.
The bottom line
Over time, users have become more aware of and cautious about online scams, and this has made it difficult for cybercriminals to make a quick buck. Researchers indicate that threat actors will continue exploring various fraudulent tactics to meet their malicious objectives.