AMSTERDAM, April 30, 2021 /PRNewswire/ -- Group-IB, a
global threat hunting and adversary-centric cyber intelligence
company that specializes in investigating hi-tech cybercrimes, and
the United Nations International Computing Centre (UNICC),
detected and took down a massive multistage scam campaign
circulating online on April 7, World
Health Day. Scammers had created a distributed network of
134 rogue websites impersonating the World Health
Organization (WHO) on its health awareness day, encouraging
users to take a fake survey with the promise of funds in return.
The scheme targeted millions of users worldwide with the goal of
tricking them into visiting fraudulent third-party websites. Upon
detection, Group-IB's Digital Risk Protection
(DRP) team reached out to UNICC's Common Secure team as a
trusted contact for cyber threat intelligence matters within the UN
ecosystem, to ensure that the proper contacts within WHO were aware of
the scam. Group-IB then took down all the scam domains. Group-IB
researchers established that one scammer collective, codenamed
DarkPath Scammers, is likely to be behind the campaign. The
investigation is underway.
On April 7, Group-IB
alerted UNICC about a fake website impersonating WHO
branding. Visitors to the website were encouraged to answer a few
simple questions in return for a 200-euro prize on the occasion of World Health
Day.
Once users answered the questions, they were prompted to share
the link with their WhatsApp contacts. That way, scammers tried to
ensure that their multistage scheme was distributed virally. The
users would also see fake Facebook comments about the gifts the
commenters supposedly received. Group-IB researchers discovered
that when victims hit the share button and unknowingly involved
friends in the scam, instead of receiving the promised reward they
were redirected to third-party fraudulent resources that invited them to
take part in another lucky draw. By this point in the scam routine, WHO
is no longer mentioned, as users would visit a hookup website,
inadvertently install a browser extension, or subscribe to paid
services. In the worst-case scenarios, users would end up on a
malicious or phishing website.
In addition to the scam's multi-stage nature, which makes it
hard to detect, victims were shown customized content depending on
their geolocation, user agent, and language settings. Group-IB's
DRP team discovered that it was not a one-off short-lived
website impersonating the WHO brand, but rather a sophisticated
distributed infrastructure, which included a network of 134
almost identical domains that hosted web pages exploiting the World
Health Day theme. Within 48 hours of discovery, Group-IB managed
to block all the rogue domains.
Group-IB researchers discovered connections between the blocked
134 websites involved in the WHO scam and at least 500 other
scam and phishing resources impersonating more than 50
well-known international food, sportswear, e-commerce, software,
automotive, and energy industry brands. The analysis of
websites revealed that the cybercriminals use scam kits. Like
phishing kits, scam kits are sets of tools that help create and
design scam pages. One scam kit allows impersonating multiple
brands at a time using the same template. It is worth noting that
after the takedown efforts by UNICC and Group-IB, the scammers
stopped using the WHO branding across their entire network.
While analyzing the infrastructure, Group-IB researchers
examined the domains and other digital indicators and concluded
that the whole network is likely to be maintained and controlled by
a scammer collective codenamed DarkPath Scammers. According
to Group-IB's estimates, their whole network attracts around
200,000 users daily from the US, India, Russia, and other countries.
"After warning us, we knew Group-IB was the team to deal with
this World Health Day scam", says Bojan
Simetic, Information Security Specialist, UNICC. "They
have the expertise and tools to get the job of takedown done, in
short order."
"We are delighted to cooperate with the UNICC in detection and
elimination of scams that deceive people into thinking they are
dealing with legitimate websites", says Dmitry Tyunkin, Head of
Group-IB's Digital Risk Protection team in Amsterdam. "Yet many brands still
underestimate the impact of such scams on their businesses and
customers. The approach most companies take when tackling brand
abuse online can be compared to tilting at windmills: they overlook
the continuous trend involving multistage scams and distributed
infrastructure."
Media Contact:
Group-IB PR team
+65 3159-3798
308917@email4pr.com
View original content: http://www.prnewswire.com/news-releases/saving-world-health-day-unicc-and-group-ib-take-down-scam-campaign-impersonating-the-world-health-organization-301280947.html
SOURCE Group-IB