Survey scams revived using ad industry tricks to deliver tailored assaults


John Leyden December 21, 2021 at 16:22 UTC

Updated: December 21, 2021 4:23 PM UTC

More villains than Mad Men

Cybercriminals are using new, targeted tools and techniques to revive an online scam that was, until recently, out of fashion.

The far-reaching campaign, targeting users in 90 countries around the world, uses fake surveys and giveaways claiming to be from popular brands to steal users’ personal and payment data.

These so-called survey scams date back years, but the latest round of scam messages use targeted links featuring content tailored to each potential victim – a trick that makes investigating the fraud more difficult than normal.

YOU CAN LIKE US identity thieves jailed for over $130,000 scam targeting seniors

Moreover, the sheer scale of the scam is causing headaches for investigators according to threat intelligence firm Group-IB.

There has been a sharp increase in the number of spoofed brands and implicated domains since we started observing scams involving the use of deep linking technology.

Whereas in the past [when] The scam actors used dozens of well-known brands in their schemes, there are now more than 120 brands impersonated by scammers operating deep links and at least 60 networks of different domains as part of the campaign. ongoing scam observed by Group-IB DRP (Digital Risk Protection).

According to Group-IB, millions of people have been targeted with fake survey invitations that lure victims through a maze only designed to trick them into handing over sensitive personal information such as credit card details.

“The pool of potential victims of 60 domain name networks detected by the Group-IB DRP is estimated at 27.7 million people,” a Group-IB spokesperson said. The daily sip.


The type of scam isn’t new, but while in the past fraudsters targeted users indiscriminately, the latest version of the system uses techniques stolen from legitimate ad campaigns to deliver personalized content.

First, scammers try to trick their victims by handing out invitations to participate in surveys to win a non-existent prize.

Each of these offers contains a link to the survey website. For this, threat actors use all possible legitimate digital marketing means: contextual advertising, advertising on legal and completely rogue sites, SMS, mailings and pop-up notifications.

To trick users into visiting the fraudulent websites, cyber criminals register domain names similar to official domain names.

Scammers also use information about potential brands, including country, time zone, language, IP address, etc., in order to tailor links.

Learn about the latest computer fraud news

Group-IB says The daily sip: “The final scam link is personalized for a specific user and can only be opened once. This makes it more difficult to detect such links, which inevitably leads to a longer life cycle of the scam and hinders withdrawal and investigations.

Data requested from involuntary brands typically includes full name, email, mailing address, phone number, credit card details including expiration date and CVV. Users are sometimes also asked to pay a tax or test payment to receive the prize.

Fraudsters use compromised payment card data to purchase goods online, register fake user accounts, or simply sell personal information on the dark web.

The fraud has been spotted in 91 countries, with cybercriminals exploiting at least 121 brands as bait, many of which are telecom service providers or retailers.

RECOMMENDED How Expired Web Domains Help Criminal Hackers Unlock Business Defenses


Comments are closed.