Ransomware is generally the prime concern for cybersecurity teams, but that is only within the context of hacking of companies and organizations. When you factor in all types of digital crime, simple fraud remains king. Almost 60% of cybercrime in 2021 consisted of online scams, according to a new report from security firm Group-IB.
The number grew slightly from 2020 as scams are increasingly run by large, well-organized professional criminal groups. This tracks with the increasing “corporatization” of all types of cybercrime, as the biggest players form outfits that mirror legitimate business structures and that even employ legitimate contractors to perform various functions for them.
Scams remain the most popular form of online crime, nearly double from 2020 numbers
There was a huge jump in online scams in just one year, going from 139 million in 2020 to 266 million in 2021. Part of this trend was due to the increasing popularity of crypto, and non-fungible tokens (NFTs) in particular. NFTs are a rich ground for cybercrime as they are generally held on “decentralized finance” platforms that are unregulated and not held to any particular security standards; scammers also have a fairly easy time getting away once the tokens are stolen.
It isn’t all about crypto, however, with other elements of fraud sharply on the rise. “Voicefakes” are more commonly in use to perpetrate scams on organizations, usually in the form of fake phone calls purporting to be from an executive. And criminals are very interested in the Metaverse, which is seen as the next big frontier in cybercrime. This leads Group-IB analysts to believe that scam attempts will continue to go up in the near term.
Though it is not a new trend, cybercrime is also most common around holidays and special events, particularly when there is a lot of shopping activity; the holiday period between Thanksgiving and Christmas is a relaxed period in many industries, but it is when cybercrime is firing on all cylinders.
Cybercrime rings expand into “scams as a service”
57% of the cybercrime in 2021 consisted of scams, compared to 25% “other” attacks (such as those involving malware or denial of service) and 18% phishing. These shares were very comparable to those seen in 2020, but the number of scam attempts went way up and their average complexity and quality greatly increased. The average organized online scam outfit now has around 100 members (up from just 10 in 2020) and there are now nearly 400 of them at work (instead of fewer than 100 the prior year).
“Scam as a service” is a hot new trend with these groups, an idea poached from the ransomware world. Lower-skilled criminals outsource a good deal of the labor to these groups in return for a chunk of the profits. Scammers have also taken a cue from their ransomware brethren in being more selective about their targets, and in researching potentially vulnerable employees on the web and social media, looking for the most likely victims.
Scamsters are also working right out in the open on social media platforms, and by and large these sites are having trouble identifying and stopping them. Nearly half of 2021’s scams involved the attacker reaching out to the victim to initiate a dialogue, something most easily done via legitimate social media sites and apps. Social media saw increased growth in scam attempts as compared to IMs and email.