The Classiscam scam, which originated as an online shopping scam in Russia, has now grown into a global operation spanning across 79 different countries, according to a recent report. The campaign, dubbed “Scam-as-a-Service,” has evolved over time, with cybercriminals using sophisticated techniques to target users and steal their information.
Researchers have discovered that the Classiscam campaign can generate phishing emails and scam pages within seconds. Since its inception in 2021, the campaign has targeted a staggering 251 brands across the globe. The cybercriminals behind the operation utilize Telegram bots to create ready-to-use phishing pages, which are then duplicated from genuine company websites. These websites range from marketplaces to logistics operations and classified web pages.
In one instance, the scammers employed spoofing techniques to imitate a legitimate logistics website, intending to target users in 31 different countries. The scammers also create phishing templates for each brand they impersonate, editing them to fit the local language and currency of the targeted country.
What sets the Classiscam campaign apart is its usage of Telegram as a platform. Around 1,366 other groups on the messaging app have made use of the tools and services provided by Classiscam to launch their own attacks on various targets. The scammers behind the campaign have a strong presence on Telegram, with 393 active groups and over 38,000 members.
The cybercriminals have created fake login pages to dupe users, with 63 banks in 14 countries being incorporated into these phishing web pages. The banks targeted include those in Belgium, Canada, France, Czech Republic, Germany, and more. Currently, the Classiscam operators have adopted advanced technology capable of harvesting bank account credentials, in addition to using information-stealing malware to further their illegal activities.
The rise of the Classiscam campaign can be attributed to the COVID-19 pandemic, with more people working from home and relying on online shopping. The scammers exploited this trend, specifically targeting online shoppers. They initially focused on European targets before expanding their operations to the United States, Asia Pacific, the Middle East, and Africa.
According to the research report, internet users in Germany accounted for the highest percentage of transactions registered in Classiscam chats, followed by Poland, Spain, Italy, and Romania. The scammers have reaped significant profits from their operations, earning an estimated $64.5 million in the past two years. The number of brands they targeted has also increased over time, from 38 in 2021 to 169 in 2022, and finally reaching 251 in the first half of 2023.
Previously, the Classiscam group was known for creating malicious advertisements on classified websites. They would send targeted emails to users, urging them to purchase certain products. Unsuspecting users would enter their bank details and make payments, unknowingly transferring money to the scammers’ accounts.
The Classiscam campaign has become automated over the years, allowing cybercriminals to offer it as a service to others. The Scam-as-a-Service model includes automated phishing page creation and modification based on the target location. It also provides easy-to-follow instructions for buyers and has support members who answer questions on the dark web.
Researchers have also discovered additional features added to the Classiscam-as-a-Service model. These include fake bank login pages to deceive users further and a balance check feature to determine the amount to charge unsuspecting victims.
It is essential for internet users to be vigilant and cautious when interacting online, especially when it comes to sharing personal and financial information. Users should be aware of phishing scams and carefully examine emails, links, and websites before providing any sensitive data.