Global State of Scams Report

Beim Global Anti Scam Summit am 9. und 10. November 2022 im The Hague Security Delta Campus wurde der diesjährige Global State of Scams Report offiziell vorgestellt.

Im Report wird versucht die verschiedenen Missbrauchsarten – von denen Missbrauch beim Online-Shopping nur ein Teil ist – bezüglich des monetären Verlusts und der globalen Entwicklung einzuschätzen:


Scammers have proven more successful in 2021 than ever before. The number of scams
reported increased with 10.2% from 266 in 2020 to 293 million reports in 2021. The amount of money lost in scams grew from with 15,7% from $47.8 billion in 2020 to $ 55.3 billion in 2021, mainly due to the rise in Investment Scams (also read: About the Data).
Scammers are using any crises to scam people; moving from preordering your Coronavirus
vaccination in the beginning of 2021, to cheap flight tickets for Hajj pilgrims, “supporting”
victims of the Australian bush fires, “helping” Ukrainian refugees and more recently, tickets to Queen Elizabeth’s funeral memorial and energy crisis government subsidies.

Auf Seite 33 des Reports wird das Forschungsprojekt INSPECTION in einem Interview mit Joachim Feist von der mindUp Web + Intelligence GmbH besprochen:

What can you tell about Project INSPECTION?
The research project INSPECTION finds hacked web pages whose resources are being misused to redirect users into fake online shops.
What advantage do these website hackers hope to gain?
By hacking existing domains, the fraudster takes advantage of the reach that has grown over the years, the good search engine ranking, and the positive reputation of the hacked site. Even if there is no thematic match between the fake store and the so called hacked host site, the attacker can place ten thousand thematic pages of his fake store in the search engine index overnight, generating a high number of web visits.
Which websites are particularly often the target of such attacks?
Very small website operators are often targeted. The victims are therefore mainly associations, freelancers or self employed people, for example from the craft sector. But also private individuals. Security gaps often exist because the operators see their websites as a one off investment, they do not keep the site secured.
Why can fake stores become so widespread on the Internet?
The hackers know: The risk of prosecution is low. In most cases, the servers used for the crimes are located outside of Germany and Europe, making it difficult to identify and apprehend the criminals in this country.
Our attempts to refer fake stores to law enforcement agencies, Internet registrars, or consumer protection for closure in order to stop them have also failed. Our current legal regulations can do little against cybercriminals operating internationally. Moreover, it is difficult to adequately inform operators of an attack that has taken place, because an e mail of a hacked site is usually not read. Even if you can contact the site owner, in most cases, those affected cannot act quickly enough due to a lack of IT expertise.
How will INSPECTION help in the future?
The focus of our idea is, on the one hand, the detection of hacked sites and, on the other hand, the targeted, largely automated and early warning of the operators of the hacked sites. After all, mere detection remains useless if there are no measures to remedy the problem.

In den zwei Tagen der hybriden Konferenz wurden in vielen Vorträgen, Panels und Workshops mit Teilnehmern aus sehr vielen Ländern die verschiedensten Aspekte angesprochen. Einige Vorträge waren auch im Umfeld von Fake-Angeboten im Online-Shopping.

Louise Beltzung von der Watchlist Internet berichtete dabei über ein Awareness-Projekt aus Österreich: Unter blackout-kits.at erreicht man einen Online-Shop, der bei genauerem Hinsehen einige Mängel bezüglich Impressum, zu günstiger Preise und seltsamen Deutsch in den Rücksendebedingungen hat. Bestellt man trotzdem hat man Glück – man wird lediglich gewarnt, dass dies genauso ein Fake-Shop hätte sein können.

Von Amazon war Abigail Bishop gekommen, um zu berichten, welche Maßnahmen der E-Commerce Gigant ergreift, um zu verhindern, dass Verbraucher auf der Plattform betrogen werden.

In Dänemark erfordert die Registrierung einer Domänen, dass man sich ausweist. Über die positiven Auswirkungen dieser Regelung berichtete Jakob Bring Truelsen, CEO von Hostmaster, Domain-Registry in Dänemark.

Die jährlich stattfindende Konferenz stellt einen wichtigen Beitrag dar, das Ausmaß von Missbrauch zu beziffern und sich über Maßnahmen auszutauschen.