When it comes to the wool party, people still think of online vendors who search for coupons on Taobao and Jd.com every day and then stock up on boxes of toothpaste at home.
In fact, otherwise, the domestic wool party has formed a lucrative, well-organized, highly organized grey production organization. From BAT to unknown Internet companies, as long as they hold marketing activities, they may face a great threat from the Wool Party.
Even so, the Fleece party is capable of attacking and winning big billion-dollar, publicly traded companies. This is a little bit beyond your imagination.
Zombie corps beat down listed companies: a company half a year of losses10Hundred million
In August 2016, have an explosive news spread in all kinds of online group, abb group, a wholly owned subsidiary of the listed company’s push to live software, as long as you register the live, live every day for 10 minutes, 30 yuan, the first day on the second day 30 yuan, or $30 on the third day, a day after 10 yuan, and can show the next day.
(Wall-to-wall experience exchange posts on the Internet)
If you watch more people live, there are ranking awards! Some people use a single account anchor, the rest of the trumpet to brush gifts, a day income of tens of thousands of yuan.
Process don’t speak, just say the results: at the end of 2016, according to the statistics institutions of the digital, the live software only 1.12 million active users, with its 1.6 billion investment in extremely disproportionate (net loss of about 1 billion yuan, the company by ST), only the host into reached nearly 1.4 billion, of which I don’t know how much is the zombie army rolled away.
Corresponding to it is: such and such software brush ranking, brush gifts, identity certification set and so on black material, rampant in the dark net, black production session more than many millions of millionaires.
It seems that the decision makers of this company only saw the popularity of live streaming software and saw that material stimulation could attract traffic, but did not go into the things behind the black production.
Mobile phone black card: Internet black production“Oil”
If oil is the blood of modern industry, mobile phone black card is the “crude oil” produced by Internet black card. With the vigorous implementation of the real-name system of mobile phone number in China, many Internet companies take the account registered with mobile phone number as the cornerstone of identity authentication system. The participation of mobile phone number is required for password retrieval, identity authentication, password modification, large payment and so on.
No matter how well your risk control system works, there will be unintended consequences if the cornerstone of your phone number goes wrong.
What’s more, the senior managers of many Internet finance companies and e-commerce companies only have traditional financial risk control background and have insufficient estimation of the security risks of Internet account business, which leads them into the dilemma of Sisyphus when they carry out new business, activity operation and new user registration.
The acquisition of new users is becoming more and more expensive. The acquisition cost of an effective financial user is as high as hundreds or thousands of yuan. If I want to directly provide this cost to new users as a registration incentive, even 50 yuan of material incentive can arouse users’ interest, then I can directly find ways to do activities and give the 50 yuan to users, ok?
The answer is no. Because of the difference in information acquisition cost, 99.99% of the 50 yuan went to the zombie army led by Kurochan.
5Yuan new activities, lu Beat rechargeAPP
A game top-up APP, just got an investment, want to invest millions to do activities, let active users up, at the same time make investors happy.
Background, a CEO or a game on Internet black notice, and risk control team closely calculated a few days later, took out a activity plan: every new user registration, can get a nominal value of 68 yuan package, but in fact the convertible currency, can be 30 minus 5 yuan filling words fee, or 30 yuan reduce 5 yuan to buy qq COINS.
In advance, they made a rough estimate of the price and cost of black production: each user only gives 5 yuan of benefits, and requires a mobile phone number, ID card (face recognition), mobile phone IMEI integration, such risk control, even if there are loopholes, loopholes are not very big, right?
In fact, the campaign ended in less than a week. Earn in each net forum, leave is: so-and-so top up how can not use voucher?
According to the APP’s press release and matching advertising resources, the loss should be more than 3 million yuan.
So, a single new user 5 yuan, is it worth the wool party to masturbate?
Cost calculation of fleece lifting: profit per order8The yuan,10All is not a dream
The risk control team of the top-up APP may not know that today’s black industry is not the past: a certain tycoon has 100,000 cards, each card costs 50 to 60 yuan, and each order needs to earn at least 10 yuan.
On the Internet, there is something called “access code platform”.
On the platform, you just need to put forward a demand, such as signing up for an Ele. me account, and a card company will meet you. Normally, a verification SMS for a takeout account only costs 0.1-0.2 yuan.
If Q found that Ele. me was going to hold an event to reduce the number of new users from 20 to 16, he would buy SMS verification codes from the code receiving platform and bank card binding information from Q Group. The overall cost would be about 1-2 yuan, while the price of red packets would be between 8-9 yuan.
Small Q’s profit is about 8 yuan per order.
If Xiao Q buys 10,000 numbers from the code receiving platform and spends 100-200 yuan to buy an automatic registration machine (a customized registration machine costs 500-1000 yuan), he can make 80,000 yuan profit from Ele. me in one day.
With such organizational ability, which ordinary users can grab the wool party?
For companies like Ele. me, at the early stage of the event, they were unaware of this kind of behavior. New users registered enthusiastically, coupons were snapped up, orders increased, and everyone was celebrating.
But as soon as the campaign stops, newly registered users become zombies and never place orders again.
In-depth research on mobile phone black card: Internet of Things card is not only used for shared bikes, but also become a new favorite of black industry
According to Bi Yu, CEO of Threat Hunter, who interviewed top black industry experts, there are about 100 million pieces of data in its mobile phone black number database, among which 80-90% are Internet of Things cards. In layman’s terms, these are the mobile phone cards that are widely used in shared bikes.
(Image from Threat Hunter, group control System)
The monthly rent of this card is very low, some are zero. Bulk purchases and registrations can be made in the name of the company, bypassing the strict real-name requirements for mobile cards.
The number of mobile phone black cards continues to grow rapidly, with 700,000 new data being added every day to the database of black numbers threatening hunters.
In addition to a large number of iot cards, there are also a small number of real-name cards and overseas cards, which account for about 10 percent of all black cards. For example, some virtual operators do not strictly implement the real-name id card system, so they can batch real-name system in the background.
Another example is the growing number of mobile cards from countries such as Myanmar and Vietnam. Starting from the second half of 2016, a large number of mobile phone cards from Myanmar, Vietnam, Indonesia and other Southeast Asian countries began to enter the domestic mobile phone black card industry. These cards support GSM network and can be used directly after entering the country, without the need for real name authentication. At the same time, these mobile phone cards are basically 0 month rent, receive SMS free, low cost, very suitable for the use of mobile phone black card industry, and the use rate is increasing.
The four industries most affected are Internet finance, e-commerce, social networking and social networkingO2O
Bi Yu, CEO of Threat Hunter, said that through data mining on the mobile phone black card industry, the top four industries were Internet finance, e-commerce, social networking and O2O, accounting for 64.7 percent of all attacks.
The Internet finance industry can be said to be the most seriously affected by the mobile phone black card industry. In order to attract customers to their own platforms, various Internet finance platforms compete with each other to invest heavily in various new user registration activities. The Wool Party used mobile phone black cards to register a large number of new users on various Internet financial platforms, and a large amount of funds for the activities of the platform fell into the pocket of the Wool Party. The effect of the activities was greatly reduced, and some platforms were directly removed and closed down.
Attackers in the e-commerce industry mainly register accounts through major e-commerce platforms and use these accounts to help merchants brush orders and reputation, which impacts the evaluation system of e-commerce and damages the interests of e-commerce platforms, normal businesses and buyers. The e-commerce platforms attacked include Taobao, JINGdong, Yihaodian, Mogujie and Vipshop.
Attackers register a large number of trumpets on social platforms, and use these trumpets for advertising, powder, reading, acting as an online water army, spreading pornography, online fraud and so on. The most attacked platforms include wechat, QQ, Sina Weibo, Inke and Kuaishou.
In recent years, O2O industry has been developing rapidly in China, and various platforms have spent a lot of money in order to compete for users. From the war of thousands of groups between group purchase websites in 2010, to the war of 2.4 billion subsidies between Didi and Kuaidi in 2014, to the recent war of red envelopes in the field of shared bikes, the fierce battle is rarely seen in the world. The vast number of users in these wars did get benefits, but gain more benefits or hands in the hands of a huge number of mobile phone black card resources wool party. O2O platforms with merchants like Dianping are under attack from subscribers as well as e-commerce platforms, affecting the evaluation system.
How should Internet companies guard against the fleece party?
Experts suggest that only by starting with operator management mechanism can the problem of mobile phone black card be solved: for example, the Internet of Things card should adopt special number segment, and stop issuing the Internet of Things card with normal number segment. Third, we should strengthen the authority management of regional agents, establish the real-name audit process, and timely find the inside ghost.
As an Internet company, it should obtain a mobile phone number identification service from a professional black information company before launching a marketing campaign. Incorporate audit strategies into registration or activity processes to make effective use of funds invested by enterprises and minimize losses caused by the black card industry.
As a professional security media researching black industry, Blackkist will continue to pay attention to the trend of Internet black industry. Dear readers, you are also welcome to comment, exchange and contribute if you have a case of holding an event and being attacked by the Wool Party, or if you have a lesson of dealing with the wool Party.