The Classiscam scam-as-a-service operation has been active worldwide since at least 2019 and has evolved over the past four years to become more sophisticated and global in its reach. It has been used by numerous groups with thousands of participants running phishing campaigns in multiple countries [2], impersonating various brands [1] [2] [3] [6] [7] [8] [9]. The operation has generated significant profits and has expanded its tactics to target online marketplaces and classified services.
Description
The Classiscam scam-as-a-service operation has been active worldwide since at least 2019 and has evolved over the past four years to become more sophisticated and global in its reach. It has been utilized by at least 393 groups with approximately 38,000 participants running phishing campaigns in 79 countries [2], impersonating 251 brands [1] [2] [4]. The operation has earned an estimated profit of $64.5 million between H1 2020 and H1 2023. Classiscam schemes have expanded to allow fraudsters to pose as both buyers and sellers [2], and operations have become automated [2] [8] [9]. The attackers now use Telegram bots and chats to coordinate operations and create convincing phishing pages [2]. The targets of Classiscam schemes have extended beyond classified ad sites to online marketplaces and classified services [2]. The scammers impersonate various industries and may include a way to check the balance in targets’ accounts and fake login pages to harvest credentials [2]. Classiscam operates similarly to ransomware-as-a-service [2], utilizing available automated tools and phishing sites [2]. The majority of victims are based in Europe [5], with the highest average losses reported by UK users [5]. Classiscam’s evolution has been facilitated by Telegram bots [5], and cybersecurity experts at Group-IB will continue monitoring activities and working with law enforcement and affected brands to combat this persistent threat [5]. Classiscam is expected to continue as a major global scam operation in 2023 due to its automation and low technical barrier of entry [7].
Classiscam has expanded its operations and introduced new phishing schemes and information stealers [1]. The scam originated in Russia and has spread to Europe [1], the United States [1] [4] [7] [9], the Asia-Pacific region [1] [3] [6] [7] [8] [9], and the Middle East and Africa [1] [3] [4] [6] [8] [9]. The Middle East and Africa have become the second most targeted region by Classiscam [1], with the UAE facing challenges with targeted brand activities. The average amount lost by Classiscam victims worldwide is $353 [1] [3] [6] [8]. Classiscam scammers have created resources emulating the login pages of 63 banks in 14 countries [1]. Group-IB is actively monitoring and assisting in efforts to take down these scams [3] [8]. The Classiscam groups discovered by Group-IB researchers from 2020 to 2023 numbered 1,366. The attacks also involve human trafficking in call centers [4].
Conclusion
The Classiscam scam-as-a-service operation has had a significant impact globally, with thousands of participants and millions of dollars in profits. It has expanded its operations to target online marketplaces and classified services, posing a threat to individuals and businesses alike. Efforts are being made by cybersecurity experts and law enforcement to combat this persistent threat, but the automation and low technical barrier of entry make it likely that Classiscam will continue to be a major global scam operation in 2023. Continued monitoring and collaboration with affected brands and law enforcement will be crucial in mitigating the impact of Classiscam.
References
[1] https://menafn.com/1106990959/Classiscam-2023-Global-USD-645-million-scam-as-a-service-operation-scales-to-target-brands-in-15-MEA-countries
[2] https://securityboulevard.com/2023/08/from-simple-beginnings-classiscam-fraud-campaigns-go-global/
[3] https://www.cxoinsightme.com/news/global-usd-64-5-million-scam-as-a-service-operation-classiscam-2023-scales-to-target-brands-in-15-mea-countries/
[4] https://www.scmagazine.com/news/classiscam-threat-group-leverages-automation-to-launch-phishing-attacks-in-79-countries
[5] https://www.infosecurity-magazine.com/news/classiscam-dollar645m-scheme/
[6] https://securityreviewmag.com/?p=25909
[7] https://www.zawya.com/en/press-release/companies-news/classiscam-2023-global-645mln-scam-as-a-service-operation-scales-to-target-brands-in-15-mea-countries-c26ol4em
[8] https://www.tradingview.com/news/reuters.com,2023-08-31:newsml_Zaw2Rd2dy:0-pressr-classiscam-2023-global-64-5mln-scam-as-a-service-operation-scales-to-target-brands-in-15-mea-countries/
[9] https://securitymea.com/2023/08/31/global-usd-64-5-million-scam-as-a-service-operation-classiscam-2023-scales-to-target-brands-in-15-mea-countries/
