An e-commerce “scam-as-a-service” operation tried-and-tested in Russia has expanded to multiple European countries in 2020, making cybercrime groups over $6.5m in the process, Group-IB has warned.
The Singapore-based cybersecurity company claimed in a new report that “Classiscam” first appeared in Russia in the summer of 2019, but soon migrated west and hit a peak of activity over 2020 as remote workers surged online to shop.
There are now at least 40 active groups using the scam packages to con internet users out of their hard-earned cash.
“In the summer of 2020 we took down 280 scam pages as part of the Classiscam scheme, and by December that number grew 10-fold and reached up to 3000 pages,” said Yaroslav Kargalev, deputy head of CERT-GIB.
“We see that Classiscammers are now actively migrating from Russia to Europe and other countries. It’s not the first time that Russia has served as a testing ground for cyber-criminals with global ambitions.”
The groups publish ads for popular products on marketplaces and classified websites, with prices marked down to spark interest from buyers. Consumer electronics such as cameras, game consoles, laptops and smartphones are often listed.
Once the buyer gets in touch, the scammer typically takes the conversation off the marketplace to WhatsApp or other messenger channels, using local phone numbers to add authenticity.
The fraudster then asks for the victim’s delivery and contact information and sends a phishing link mimicking the real marketplace, which takes the user to a fake payment page.
Telegram bots are used to generate the ready-to-use phishing pages, streamlining the process and lowering the bar to entry for non-techie cyber-criminals.
Cybercrime groups using the service typically include three types of operative: admins, workers and callers.
Admins are responsible for recruiting new members, creating the scam pages and taking action when a bank blocks the victim’s transaction. Workers communicate directly with victims, while callers pretend to be tech support specialists.
Group-IB estimated that the most active groups make as much as $522,000 per month.
“So far, the scam’s expansion in Europe is hindered by language barriers and difficulties with cashing out stolen money abroad,” said Dmitriy Tiunkin, head of Group-IB Digital Risk Protection Department, Europe.
“Once the scammers overcome these barriers, Classiscam will spread in the West. The downside of popularity is competition among scammers, who sometimes frame each other without knowing it.”