Group-IB reveals a network of fraudulent websites that mimic WHO


By admin

The international company Group-IB, which specializes in preventing cyberattacks and investigating high-tech crimes, has identified 134 fraudulent websites run by the DarkPath Scammers group. The company reported this in a message to Izvestia on Friday, April 30.

All of these sites mimicked the World Health Organization (WHO) and promised users €200 for completing a fake Health Awareness Day survey on April 7.

The attackers' scheme worked as follows: after answering the questions, the user was asked to share the link to the survey with their contacts in the WhatsApp messenger. When the victim clicked the share button, instead of receiving the promised reward they were redirected to third-party fraudulent resources, where they were invited to take part in another giveaway, install a browser extension, or subscribe to paid services. In the worst case, users could end up on malicious or phishing sites.

The content that the victim saw depended on their location and language settings. For example, the currency of the proposed reward varied depending on the user's location.

Group-IB was notified of the fraudulent sites in early April by the United Nations International Computing Center (UNICC). The IT company blocked all fraudulent domains within 48 hours of detection.

Further investigation by Group-IB revealed that all identified and blocked domains were part of a larger network controlled by the DarkPath Scammers. Resources that mimicked WHO were linked to at least 500 other scam and phishing sites that mimic over 50 well-known international brands in the food, sportswear, e-commerce, software, energy and automotive industries.

The IT company's specialists identified the malicious infrastructure and disclosed the IP addresses of the real servers where the phishing content was stored. They continue to monitor the activity of the cybercriminal group.

Most of the DarkPath Scammers scam sites remain active and target millions of users around the world. According to Group-IB's estimates, the entire fraudulent network attracts about 200 thousand users from the USA, India, Russia and other countries every day.

Andrey Busargin, Deputy CEO of Group-IB for Digital Risk Protection, noted that many brands still underestimate the impact of this kind of fraud on their customers and business. Meanwhile, scammers are increasingly turning to advanced technologies and succeeding due to the lack of comprehensive monitoring of digital assets by brand owners.

The day before, Group-IB reported that 50 phishing pages offering air tickets at attractive prices were found in April. In all of 2020, 56 such resources were identified. In 2021, scams peaked in the last week of April, following the announcement of the 10-day May holidays. Fraudulent portals are reaching the first position in Yandex and Google search results for the query “buy cheap air tickets”.