In 2019, cybersecurity firm Group-IB exposed a Russia-based scam-as-a-service operation. This scheme, initially known as Classiscam, employed counterfeit classified advertisements and social engineering tactics to deceive individuals into purchasing non-existent products or services. Victims were manipulated into transferring money directly to the malicious actors or to their bank cards.
Over the course of four years, Classiscam evolved from a relatively simple and straightforward scam into a highly sophisticated and globally reaching network. It involved at least 393 groups with approximately 38,000 participants engaging in phishing campaigns across 79 countries. These groups impersonated 251 different brands and raked in $64.5 million in ill-gotten gains, according to a new report released by Group-IB.
The vendor identified 1,366 separate Classiscam groups established between 2020 and the beginning of the current year. Victims of this scam typically suffered an average loss of $353.
As time passed, Classiscam schemes expanded to allow fraudsters to pose as both buyers and sellers of items, with many operations becoming automated. This automation lowered the barrier for entry, making it easier for new inexperienced participants to get involved.
Classiscam operations have also taken on a more corporate and hierarchical structure. They now employ Telegram bots and chats for coordination, swiftly creating phishing and scam pages. Many of these groups offer straightforward instructions and provide assistance to other users.
The scope of Classiscam schemes has broadened beyond classified ad sites, targeting online marketplaces and classified services. Scammers impersonate various entities, from classified and reservation websites to delivery services, real estate rentals, retail businesses, carpooling services, and bank transfer platforms. Phishing pages often include features for checking victims’ account balances and harvesting credentials through fake login pages, indicating continued evolution.
Similar to ransomware-as-a-service (RaaS) and other service-based criminal operations, sometimes re ..
Support the originator by clicking the read the rest link below.
