26.04.2022

Scamopedia

Overview of most popular online scams
According to a recent study by Group-IB, scams became the number one online crime in 2020-2021. Fraud accounts for 73% of all online attacks: 56% are scams (deceit resulting in the victim voluntarily revealing sensitive data) and 17% are phishing attacks (theft of bank card details).

Given the scale of the problem, Group-IB experts named the situation a "Scamdemic". Every major company, well-established brand, and public figure that takes their reputation seriously is at risk. To keep users and businesses informed, Group-IB experts created a project called Scamopedia in which they analyze all popular online scams and provide recommendations on how to avoid falling victim to them. Stay tuned to follow regular updates of our knowledge base!
The shades of scam
An online scam is a type of crime that involves the use of technologies such as the Internet, IP telephony, and messengers. In 99% of cases, threat actors attempt to either steal money or to make money by stealing bank card information or personal data and then selling it.

The idea behind scams has not changed for years, but the schemes themselves (selling non-existent items on classifieds; fake delivery services; selling QR codes or vaccination certificates during the pandemic) change constantly, with scammers just about staying ahead of the media agenda in terms of the topics they use. Group-IB's Digital Risk Protection and CERT-GIB experts analyzed scam and phishing resources and described the most popular schemes.
    Recommendations for users
    The most effective way to protect against criminals is to always be cautious and to improve your digital literacy.
    1
    Protect to the max
    Enable two-factor authentication where possible. Update browsers to the latest version and install security patches on time. Disable automatic addition of invitations in Google Calendar. Do not click on links or download attachments from emails when you do not know the sender or if you do not expect to receive such emails.
    2
    Do not trust promotions and giveaways
    Do not trust fantastic "discounts", "promotions" and "giveaways". When taking part in giveaways, especially organized by well-known companies, check whether the giveaway is mentioned in official sources. Large-scale promotions are always mentioned on a company's official website and social media pages.

    Pay extra attention to requests to pay "commission". In legitimate giveaways, winners are usually not asked to pay for shipping, commission, currency conversion, etc.
    3
    Buy products on official websites only
    Inspect the domain name of the resource you are using. If it differs from the original domain or looks suspicious, do not buy or order anything. In most cases, a scam website differs from the original domain by only one or two characters. It is good practice to check the date when the website was registered, which can be done using services such as whois.net, pr-cy.ru and cy-pr.com. Scam and phishing resources do not live long.
    4
    Be careful on marketplaces and classifieds
    Big discounts on devices are a sign that the bait ad on the classified was created by scammers. When using marketplaces, communicate with users only in the service chats and do not switch to third-party messengers.

    Do not order goods in advance: pay when you receive the goods and make sure that they are in good condition.
    5
    Do not disclose personal information to strangers
    If you get a call from a "bank", "the police", "social security", or "a telecom operator", politely end the conversation and hang up. Do not disclose any personal data or bank card details. Call the official number yourself or visit the company's office.
    6
    Whopping profit
    Offers and promises to make "easy" money online, especially when the amount is equivalent to a top manager's salary, should be regarded as red flags. Selling "schemes with fabulous earnings" for a nominal fee is a scam.
    7
    Prohibit SIM card reissue
    Contact your mobile phone operator and write a formal letter prohibiting them from duplicating your SIM card without you being physically present. As a result, fraudsters will not be able to clone your SIM card and use it for committing crimes.
    8
    Experienced a crime? Here's what to do
    If you have had money stolen from you, immediately report it to the bank, block the card, change passwords through online banking, file a statement with the police, and contact the bank's security team.

    Will the money be returned? It depends on the type of scam. If you shared passwords, logins or codes, or if you transferred money to the scammers, then unfortunately the situation will be considered as your fault — although in some cases banks help their clients on a case-by-case basis.

    If you or your company have fallen victim to scammers, immediately contact the police, report the incident to the relevant technical support team, and provide them with any correspondence with the fraudsters. You can also report fraud to CERT-GIB by calling the hotline at +65 3159-3798 or by sending an email to response@cert-gib.com.
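The domain check from recommendation 3 ("Buy products on official websites only"), written out as an added example that is not part of the original page or any Group-IB tooling: it flags hostnames that differ from an official domain by one or two characters and tests a registration date for recency. The domain names, the 30-day age cut-off and the creation date are constructed assumptions; a real check would take the creation date from a WHOIS lookup.

```python
from datetime import date

# Constructed sample: the brand's real domains (hypothetical names).
OFFICIAL = {"example-shop.com"}

def edit_distance(a: str, b: str) -> int:
    """Insert, delete, substitute or swap of two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalize(host: str) -> str:
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(host: str, official=OFFICIAL, max_distance: int = 2):
    """Return (verdict, nearest official domain, distance)."""
    host = normalize(host)
    for d in official:
        if host == d or host.endswith("." + d):  # exact match or subdomain
            return ("official", d, 0)
    nearest = min(official, key=lambda d: edit_distance(host, d))
    dist = edit_distance(host, nearest)
    # Assumption: threshold 2 follows the "one or two characters" rule above;
    # very short domain names need a lower threshold to avoid false alarms.
    return ("lookalike" if dist <= max_distance else "unrelated", nearest, dist)

def is_young(created: date, today: date, max_age_days: int = 30) -> bool:
    """Registration-date check; the 30-day cut-off is an assumed value."""
    return (today - created).days <= max_age_days

if __name__ == "__main__":
    for h in ["www.example-shop.com", "examp1e-shop.com", "exmaple-shop.com",
              "example-shop.co", "unrelated-site.org"]:
        print(h, classify(h))
    # Constructed WHOIS creation date, compared against the page date.
    print(is_young(date(2022, 4, 20), date(2022, 4, 26)))
```

A "lookalike" verdict combined with a recent registration date is the pattern the recommendation describes; either signal alone is weaker.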
    Recommendations for companies
    1
    Apply comprehensive monitoring and scam elimination technologies
    To combat the advanced scam and phishing schemes described above, the classic monitoring and blocking approach is no longer enough. One cannot eliminate scams by blocking separate violations. It is essential to identify and block the entire infrastructure used by cybercriminal groups. Group-IB's Digital Risk Protection system helps protect digital assets, brands, and personal and corporate reputation by leveraging threat intelligence. In just one year, by preventing potential damages, the system helped save as much as $443 million for companies in the Asia Pacific region, Europe, and the Middle East.
    2
    Know your scam landscape
    Group-IB's patented DRP technologies in threat intelligence, which are based on the deep understanding of cybercriminals' logic and behavioral patterns that Group-IB experts accumulated in numerous investigations of high-tech crimes globally, automated graph analysis, and monitoring of threat actor infrastructures in real time, help immediately detect fraudsters' entire networks and block them, as opposed to handling individual links to phishing and scam resources. All the information gathered about the threat actor and their infrastructure can be compiled into actionable reports for further transfer to lawyers or law enforcement with the ultimate goal of bringing the scam actor to justice. As such, 85% of violations related to any type of fraud are eliminated as part of a pre-trial process, which saves the protected organization's resources.
    3
    Use trusted providers of digital risk protection solutions
    Based on more than 10 years of Group-IB's experience in analyzing online fraud, Group-IB Digital Risk Protection leverages neural networks and adaptive scoring to automate sophisticated processes that involve detecting and categorizing fraud targeted at a specific company or industry, anywhere in the world. How does the solution work? Request a demo to learn more about DRP here.
    Join Group-IB Digital Risk Summit 2022 to learn more about the latest scam trends and practical insights on how to protect users and businesses.