Fraud on the web: the bottom line for 2022

Exploiting consumer trust and inattention remains a lucrative business, and technology makes it more profitable and widespread.

Cybercriminals continue to deceive consumers and play on the trust of citizens and businesses on the Internet. The past year was full of extraordinary events in online fraud and marked a trend of increasing number of offences and large-scale leakages of personal data from users and clients of major Russian companies. Let’s take a look at some figures, explore the high-profile cases of 2022 and see what the government is doing to fight online crime and protect citizens and businesses.

The succession of events in the world, succeeding one another, is a fertile ground for fraudsters. And the World Wide Web is no exception. Consumer confidence and inattention continue to be lucrative businesses. And modern technology makes it more profitable and common.

According to statistics of the Central Bank of Russia, the number of cases of theft of money from citizens in the third quarter of 2022 year compared with the same period last year decreased by 10.3%, to 229.8 thousand. At the same time, the total damage caused by criminals, has increased by 23.9%,almost 4 billion rubles.

The spike in cybercrime occurred with the onset of the pandemic in 2020, when economic activity in real life plummeted and shifted to the online space. Over the past 2 years, many people have become accustomed to online shopping and fraudsters continue to take advantage of that fact.

During 2021, online crime decreased until the beginning of 2022, but has started to increase again since the middle of the year. The methods are the same: creating fake websites of well-known shops and banks. The Central Bank initiated the blocking of almost 4 000 websites in Q3, an increase of 68% year-on-year. Statistics on the return of funds by banks when they are stolen from the accounts of citizens is disappointing - only 3.4% (which is 134.3 million rubles) are returned to customers. The rest is the profit of swindlers.

The Bank of Russia and the Russian government are currently working on a mechanism whereby if a customer has been misled into transferring their money to a cyber fraudster, they can expect to be reimbursed by the bank.

In many cases, the source of trouble is not only fake websites, but also telephone scammers. In Q3 2022, the Central Bank initiated the blocking of almost 300,000 phone numbers, mostly mobile numbers.

It is worth mentioning that the rise in cybercrime is not only a trend in Russia. Group-IB company estimates monthly losses of users from such actions in the world in the amount of $80 million (5.9 billion rubles).

Many fakes involve gaining access to a service such as Spotify Premium.

A Russian hit among cyberfraudsters in 2022 was sites offering to buy paper, especially at a time when there were supply disruptions. For the most part, this type of deception targeted small and medium-sized businesses.

Most recently, Group-IB identified more than 16,000 phishing sites offering football fans tickets for matches of the World Cup in Qatar, as well as souvenirs with the official logo of FIFA 2022. A further 66 such resources were aimed at Russian fans.?

Playing on the passion for football, cyber criminals also registered massively fake online shops in English and other languages, offering fans the chance to buy national teams' shirts, souvenirs or tickets to the game. Another scenario was that potential volunteers were asked to fill in an application to get a job during the tournament. Visitors clicked on the links and found themselves trapped: their personal data was stolen. The theft of exactly this kind of information was particularly widespread in 2022.

Another group of examples is the ?leak? of customer databases to the web. Since the end of February 2022, Roskomnadzor has recorded more than 140 leaks of personal data, and about 600 million records about Russians have ended up on the World Wide Web. All the examples of leaks that have occurred during the year are high-profile cases involving well-known companies.

At the end of February personal data of Yandex.Food's clients was leaked as a result of an attack on a third-party hosting service. Clients' phone numbers and order information became accessible. Later a similar situation occurred with Delivery Club. In that case, it was a database of 250 million strings: names and addresses of users, as well as order information and other data.

Another precedent was a major data leak from the DNS shop chain in September 2022. In this case, we are not talking about users, but about employees. The database contains the following information: full names and personal numbers of employees, date of birth, gender, work email addresses, work phone numbers and other personal data.

In December 2022, the data of users of the tour-buying service Level.Travel was leaked to the Internet. Fraudsters published phone numbers and booking details of some customers. The leak did not affect bank and payment information, or data for logging into users' personal accounts.

It is important to note that cyber-fraud is thriving not only in the B2C segment but also in the B2B segment. The target group for criminals in this case are companies from all sectors of the economy and individual entrepreneurs. And the methods used to achieve their goals are often identical to those used to defraud citizens: fake websites, identity theft followed by blackmail and damage to business reputation, etc. The damage caused by such actions is economically significant for any business, regardless of the scale of its activities.?

The trend of business activities shifting to the Internet and the resulting risks for businesses has been taken into account in the SPARK system, a professional solution for checking counterparties and ensuring the economic security of businesses. A search by site address (domain) implemented in the system allows to quickly identify its ownership of the company or individual entrepreneur, whose indicators of trustworthiness are displayed in SPARK. In cases when there is a need for in-depth verification of potential counterparty, the system allows to find an indirect relationship between companies by domain name used in mail addresses (email) or identify hidden signs of affiliation on IP-addresses. In the case of a potential counterparty acting on behalf of well-known and reputable trademarks (for example, this information is contained on his website), SPARK can check the eligibility of their use by the counterparty as the rights holder or licensee. Thus, SPARK helps to establish the "authenticity" of a counterparty, assess its trustworthiness and prevent contact with abusers in the digital environment.

The government also stands up for the interests of citizens and companies. For example, the Ministry of Finance has introduced a phishing site monitoring system capable of automatically monitoring the Internet and identifying sites masquerading as official government resources, commercial companies and marketplaces. The system is already able to track suspicious activity and receive information on phishing sites from third-party sources, keep track of new, re-registered and transferred domains at up to 1 mln. addresses per hour, keep the information on suspicious resources in the database for the following phishing checks and perform other actions to ensure user safety on the World Wide Web.?

The first results (in 2 months of the system's activity) were identification of 30 000 sites copying government resources, online casinos and fake sites for bookkeeping, fake ticket sales were detected. 9 000 websites were blocked.

To request information on Spark-Interfax solution please?contact us