More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB.
Group-IB has named the automated scam service Classiscam. It is meant to help cybercriminals steal money and payment data from unsuspecting victims through fake pages mimicking those of legitimate classifieds, marketplaces and delivery services.
The Classiscam scheme is powered by Telegram chatbots, which generate a complete phishing kit, including courier URL, payment, and refund information. The chatbots also offer shops, where users can purchase accounts for marketplaces, manuals, e-wallets, mailings, and even lawyers.
Simple and straightforward, the scheme has gained a lot of popularity, with over 5,000 scammers registered in the 40 most popular Telegram chats by the end of 2020.
More than 20 threat actors are believed to be leveraging the scheme in Russia, with over 20 other groups operating in the United States, Bulgaria, Romania, the Czech Republic, France, Poland, and multiple post-Soviet countries.
Classiscam emerged in Russia in 2019, but peak activity was recorded last year, amid the switch to telework due to the coronavirus pandemic. In 2020, the threat groups made in excess of $6.5 million, or approximately $520,000 per month, at an average of $61,000 per month per group (although the proceeds may differ from one group to another).
Some of the popular international classifieds and marketplaces abused by these scammers include Allegro, OLX, Sbazar and Leboncoin.
The scheme also exploits delivery brands, including DHL and Romanian delivery service FAN Courier, and security researchers have spotted underground forum chats suggesting that new brands will soon be used, such as FedEx and DHL Express in the US and Bulgaria.
The scheme st ..