Telegram-based phishing service Classiscam hits European marketplaces

Telegram-based phishing service Classiscam hits European marketplaces


Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.


Some of the brands abused through this scam are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL.


Scam expanding to Europe


At least 40 cybercriminal gangs are using a scam-as-a-service that relies on Telegram bots to provide pages that impersonate popular classifieds, marketplaces, and delivery services.


Security researchers at Group-IB through the company's digital risk protection in Amsterdam first spotted the scam in Russia, in the summer of 2019. They named it Classiscam and observed it grow from 280 scam pages to about 3,000 in less than a year.


Since its discovery, the scheme expanded to post-Soviet and European countries like Bulgaria, France, the Czech Republic, Poland, and Romania.



At least 40 gangs are running Classiscam, 20 of them being Russian, the most profitable ones making more than $500,000 every month. Group-IB calculated that the gangs operating in European countries make an average monthly profit of $61,000. It is estimated that the scammers made more than $6.5 million in 2020.


The scammers publish ads on popular marketplaces and classifieds claiming to offer various products (cameras, game consoles, laptops, smartphones) at low prices.


When someone interested in the deal contacts them, they move the conversation to a third-party messaging service. Group-IB says that the scammers use local phone numbers when speaking with the victim.



"Evildoers ask victims to provide their contact information to allegedly arrange a delivery. The scammer then sends the buyer an URL to either a fake popular courier service website or a scam website mimicking a classified or a ..