The online pandemic: How to maintain digital identity amid increasing cyberscams

With scam incidences rising rapidly, here’s what businesses and users can do to protect themselves.

As nations battle the global pandemic, an unprecedented level of digitalisation has taken root as new ways of working and living come into play. Unfortunately, this has been accompanied by a sharp spike in fraudulent activity as an increase in time spent online has left businesses and users vulnerable to digital risks. While the streets of Singapore may be among the safest in the world, in cyberspace, threats and potential fraud loom over institutions and consumers.

Last year, the Cyber Security Agency of Singapore (CSA) issued numerous alerts about surging cyber hostilities such as tech support scams and the emergence of threat actors capitalising on COVID-19. Scammers came up with new scam inventions almost monthly. These included an e-commerce scam involving fake police reports and another advertising fake jobs for e-commerce platforms.

To raise public awareness about scams, Group-IB, a Singapore-based cybersecurity company, organised the Digital Risk Summit, an online conference streamed on June 10 featuring keynote speakers from the United Nations International Computing Centre and global market research and advisory company Forrester.

To date, Group-IB has conducted investigations for over 1,000 cyber incidents worldwide. It has also worked with international law enforcement agencies such as INTERPOL and Europol in cybercrime investigations.

A common trend Group-IB’s analysts have noted worldwide is the propensity for institutions to underestimate the scope of online risks they might face by limiting those only to threats within the organisation’s network.

“Business owners often underrate the potential financial and reputational damage that result from cyberscams involving their brand name,” said Mr Ilia Rozhnov, head of Digital Risk Protection (DRP) in APAC at Group-IB. Such scams are normally not treated as cyber incidents in the classic sense since they exist beyond an organisation’s network perimeter, he said.

THE DUAL-EDGED SWORD OF DIGITALISATION

According to Group-IB’s data, fraud accounts for at least 73 per cent of all digital crimes, which makes it the most common online offense. This category is made up of scams (deceit resulting in the victim voluntarily revealing sensitive data) and phishing attacks (theft of bank card details).

In 2020, the number of scam- and phishing-related violations detected by Group-IB in the Asia-Pacific region jumped by a record high of 88 per cent year-on-year. This is the highest rate in comparison with other regions – the figure stands at 39 per cent for Europe, 35 per cent for the Commonwealth of Independent States and 27.5 per cent for the Middle East. These statistics were unveiled at the Digital Risk Summit.

Closer to home, Group-IB discovered a network of fake resources aimed at luring Singaporeans into visiting a shady bitcoin investment page. In another case, the company detected a large-scale phishing scam campaign targeting Facebook Messenger users globally.

THE UNSEEN KNIVES OF ONLINE FRAUD

Scam actors employ a variety of methods – these include copying websites, spreading fake mobile apps or social media accounts, and impersonating spokespersons and brand partners – which could translate to serious harm to companies both large and small. This may manifest in different forms, including long-term damage to brand reputation and loss of revenue.

In addition, the application of emerging technologies may further contribute to the sophistication and complexity of methods in the repertoire of scammers.

Scammers can execute complex, multi-stage scams tailored to a specific user based on his or her digital profile using data such as a user’s IP address, device type and language preference. Digital crimes have also been exhibiting a greater level of customisation – scammers ensure that their snares do not catch the wrong prey by showing their pages only to specific victim pools or using one-time links.

Whatever the case, businesses have a responsibility to protect customers against such threats. Whether it’s scams, counterfeiting, C-suite impersonation or the illegitimate use of a brand’s digital assets, companies need the most effective tools and technologies to mitigate digital risks.     

HARNESSING TECH AS A SHIELD

Having dealt with IP infringement incidents targeted at over 450 brands globally, Group-IB has gained a firm grasp of scammers’ modus operandi – their behavior and tools employed – and packaged it into a solution designed to protect a customer’s digital appearance on the Internet. The Group-IB Digital Risk Protection system identifies where and how assets are exposed and protects the brand from digital threats that lie beyond the company’s perimeter, including but not limited to scams, digital piracy, phishing, and even data leaks.

“To guide companies along their journey, Group-IB Digital Risk Protection is backed by an experienced team of DRP analysts who are trusted by Fortune 500 companies, leading bitcoin exchanges and celebrities, and legal experts. The team not only maintains the platform’s integrity but also verifies violations, especially in sensitive cases, and works closely with the company with consistent information updates and support,” Mr Rozhnov added.

The all-in-one platform uses machine learning and neural networks to automatically monitor a company’s digital footprint, detect violations, and prioritise and initiate appropriate takedown tactics.

Group-IB’s fraud-tracking technology – Scam Intelligence – not only assists companies in probing into cybersecurity incidents that have already taken place, but also prevents future attacks by promptly detecting the elements of infrastructure created by threat actors for their future strikes.

Once violations have been determined, Group-IB Digital Risk Protection implements a comprehensive takedown procedure that has resulted in an 85 per cent pre-trial takedown rate on the average.

In one of the latest cases, Group-IB exposed the infrastructure of a scam gang that targeted over 50 famous international food, sportswear, e-commerce, software, automotive, and energy industry brands. This was uncovered after the cybersecurity firm started probing a scam launched on World Health Day that abused the World Health Organization brand.

According to Mr Rozhnov, the journey towards comprehensive DRP takes place in two stages.

“Firstly, organisations should have a proper understanding of their digital risk landscape: They need to know how they can be attacked, what can happen as a result and what the implications will be. Secondly, companies need to have a clear action plan and remediation strategy in case they are targeted. The truth is, few companies have such plans before a real incident occurs,” Mr Rozhnov said.