A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated Singapore, more than 1.5 years after expanding to Europe.
“Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data,” Group-IB said in a report shared with The Hacker News.
The cybersecurity firm called the operators a “well-coordinated and technologically advanced scammer criminal network.”
Classiscam refers to a Russia-based cybercrime operation that was first recorded in summer 2019 but only came under the spotlight a year later, coinciding with a surge in activity owing to an increase in online shopping in the aftermath of the COVID-19 outbreak.
Called the most widely used fraud scheme during the pandemic, Classiscam targets people who use marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package deliveries.
Initial targets included users of popular Russian classifieds and marketplaces, before migrating to Europe and the U.S. There are believed to be over 90 active groups using Classiscam’s services to target users in Bulgaria, the Czech Republic, France, Kazakhstan, Kirghizia, Poland, Romania, Ukraine, the U.S. and Uzbekistan.
The fraudulent operation spans 64 countries in Europe, the Commonwealth of Independent States (CIS), and the Middle East, with 169 brands used to carry out the attacks. From April 2020 to February 2022, criminals leveraging Classiscam are said to have made at least $29.5 million in illicit income.
What’s notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages.
Here is the core of how it all works: The scammers post bait ads on popular marketplaces and classified websites, usually offering game consoles, laptops, and smartphones for sale at significant discounts.
When a potential victim contacts the seller (i.e., the threat actor) through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.
The scheme involves a hierarchy of administrators, workers, and callers. While administrators are in charge of recruiting new members, automating the creation of scam pages, and registering new accounts, it is the workers who create accounts on free classifieds websites and place the decoy ads.
Workers, who receive 70-80% of the stolen sums, are also responsible for communicating with the victims through the platform’s chat systems and sending phishing links designed to make payments for the purchased goods.
“Workers are key participants of the Classiscam scam scheme: their goal is to attract traffic to phishing resources,” the researchers said.
The phishing URLs, for their part, are generated through Telegram bots that mimic the payment pages of the local classified websites but are hosted on lookalike domains. This, however, requires that the workers send the link with the bait product to the bot.
“After initial contact with the legitimate seller, the scammers generate a unique phishing link that confuses the sellers by displaying the information about the seller’s offer and imitating the official classified’s website and URL,” the researchers said. “Scammers claim that payment has been made and lure the victim into either making a payment for delivery or collecting the payment.”
The phishing pages also include an option to check the victim’s bank account balance with the goal of identifying the most “valuable” cards.
What’s more, some cases incorporate an attempt to trick the victims a second time by calling them to request a refund in order to get their money back. These calls are made by assistant workers who masquerade as tech support specialists for the platform.
In this scenario, the targets are taken to a fraudulent payment page to enter their card details and confirm it by providing a password received via SMS. But instead of a refund, the same amount is debited from the victim’s card again.
While the aforementioned modus operandi is an instance of seller scams, wherein a buyer (i.e., victim) receives a phishing payment link and is defrauded of their money, there also exist buyer scams.
This entails a fraudster contacting a legitimate seller under the guise of a customer and sending a bot-generated fake payment form impersonating a marketplace, allegedly for verification purposes. But once the seller enters their bank card information, an amount equal to the product’s price is deducted from their account.
The entire attack infrastructure operated by Classiscammers comprises 200 domains, 18 of which were created to trick the users of an unnamed Singaporean classified website. Other sites in the network pose as Singaporean moving companies, European, Asian, and Middle Eastern classified websites, banks, marketplaces, food and crypto brands, and delivery companies.
“As it sounds, Classiscam is far more complex to tackle than the conventional types of scams,” Group-IB’s Ilia Rozhnov said. “Unlike the conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an inexhaustible list of links on the fly.”
“To complicate the detection and takedown, the home page of the rogue domains always redirects to the official website of a local classified platform.”
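For brand-protection teams, the redirect behaviour described above can itself be used as a triage signal. The following is an added example, not code from Group-IB or the article: it scores constructed crawl records, and the brand domain `classifieds.example`, the `.test` hosts and the record fields (`root_redirect`, `deep_path_card_form`) are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the article): the protected brand's real domain and name.
OFFICIAL_DOMAINS = {"classifieds.example"}
BRAND_TOKEN = "classifieds"

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_official(host):
    return registrable(host) in OFFICIAL_DOMAINS

def looks_like_brand(host):
    # Undo hyphen padding and common digit-for-letter swaps before matching.
    folded = host.lower().replace("-", "").translate(str.maketrans("10", "lo"))
    return BRAND_TOKEN in folded and not is_official(host)

def triage(record):
    """Return (verdict, signals) for one crawl record of a candidate host."""
    host = record["host"]
    if is_official(host):
        return "official", []
    signals = []
    if looks_like_brand(host):
        signals.append("lookalike-name")
    # A non-brand host whose home page bounces to the real site is a signal,
    # not evidence that the host is harmless.
    target = urlsplit(record.get("root_redirect") or "").hostname or ""
    if target and is_official(target):
        signals.append("root-redirects-to-official")
    if record.get("deep_path_card_form"):
        signals.append("card-form-on-deep-path")
    verdict = "escalate" if len(signals) >= 2 else "review" if signals else "no-signal"
    return verdict, signals

# Constructed crawl records (reserved .test/.example names, not real indicators).
SAMPLES = [
    {"host": "www.classifieds.example", "root_redirect": None, "deep_path_card_form": True},
    {"host": "c1assifieds-pay.test", "root_redirect": "https://www.classifieds.example/", "deep_path_card_form": True},
    {"host": "classifieds.example.order-id.test", "root_redirect": "https://classifieds.example/", "deep_path_card_form": False},
    {"host": "deals-blog.test", "root_redirect": "https://classifieds.example/", "deep_path_card_form": False},
    {"host": "bikeshop.test", "root_redirect": None, "deep_path_card_form": False},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["host"], *triage(rec))
```

A takedown workflow built on this would fetch the reported deep link rather than the home page, since the home page alone looks clean by design.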