Story image

Massive WHO scam busted - 'DarkPath Scammers' group suspected

Thu 6 May 2021

The United Nations International Computing Centre (UNICC) and cybersecurity firm Group-IB have taken down a major scam campaign that impersonated the World Health Organisation and targeted millions of people worldwide.

The scam campaign comprised a network of 134 websites that attempted to lure people in by asking them to take a survey for a monetary reward. However, the rewards - and the websites, were all fraudulent.

When people filled out the survey, they were asked to share the survey link with their contacts through WhatsApp. The shared link also included fake comments that stated what ‘prizes’ others had received, thus perpetuating the scam throughout social networks. 

Users who continued clicking links ultimately ended up downloading browser add-ons, subscribe to paid services, land on phishing websites, or end up on an adult ‘hookup’ website.

Together, Group-IB and UNICC took down all web pages and blocked all rogue domains within 48 hours of discovery.

Group-IB explains, “The analysis of websites revealed that the cybercriminals use scam kits. Like phishing kits, scam kits are sets of tools that help create and design scam pages. One scam kit allows impersonating multiple brands at a time using the same template. It is worth noting that after the takedown efforts by UNICC and Group-IB, the scammers stopped using the WHO branding across their entire network.”

The World Health Organisation has been a major source of inspiration over the last year. In addition to the 134 websites involved in this scam, there have been thousands of other scams related to COVID and healthcare.

Group-IB identified a group of scammers called ‘DarkPath Scammers’ as the likely culprit. Group-IB estimates that more than 200,000 people are lured into its network every day. 

DarkPath Scammers has targeted almost every industry, including food, computer, retail, hospitality, energy, telecommunications, and healthcare.

Group-IB digital risk protection team head Dmitry Tyunkin comments, “Many brands still underestimate the impact of such scams on their businesses and customers. The approach most companies take when tackling brand abuse online can be compared to tilting at windmills: they overlook the continuous trend involving multistage scams and distributed infrastructure. 
“Scammers use smart advanced technologies and are successful due to the lack of comprehensive digital asset monitoring by brand owners .”

Internet users should always carefully check websites they visit because scammers often use domain names that are almost identical to official ones. 

“Anyone who wants to keep their personal data and money safe should foster a habit of always being suspicious of any website on which they plan to enter their data,” Group-IB concludes.

Recent stories
More stories