Russian-Signature Scheme “Classiscam” Now Expanding to Europe

  • “Classiscam” operators are expanding their operations to European marketplaces.
  • The scammers are taking victims to IM tools like WhatsApp, and from there, to phishing sites.
  • Each of the 40 groups of actors participating is making an average of $61,000 per month.

The scheme known as “classiscam” concerns tricking people through fake classifieds on legitimate marketplaces, impersonating brands, and also delivery services. They first appeared in Russia about 18 months ago and peaked in the spring of 2020 as the world switched to remote working.

According to the latest reports from Group-IB researchers, they are now growing in Europe too, and it appears that the scammers are still mostly the same Russian actors.

Source: Group-IB

Group-IB has found Telegram bots that provide ready-made mimicking pages for the easy creation of fake but convincing classifieds. There are at least 20 large groups involved in the “classiscam” scheme that operate directly from Russia, and another 20 groups based in Poland, Romania, Bulgaria, the United States, and various post-Soviet countries.

The impersonated marketplaces include Leboncoin, Allegro, OLX, FAN Courier, Sbaza, and others. According to Group-IB’s estimations, the scammers made over $6.5 million in 2020 alone.

The ads usually offer popular consumer electronic items such as gaming consoles, laptops, smartphones, or cameras, and their price tags are set to a “too good to be true” range. When a victim is lured, the seller is taking them to WhatsApp by sharing a local number for an extra touch of persuasion. Because communications are taken outside the marketplaces the platforms don’t have a way to spot the scammers and ban them, while the victims are entering a space where they’re more vulnerable.

On WhatsApp, the scammer asks the victim to provide their contact and delivery information and shares a URL to a cloned courier service website. In other cases, fake payment sites are used for phishing the credentials from the victim and taking over their PayPal or online banking accounts. This way, the groups make an average of $61,000 per month, so the business is going very well for them.

Source: Group-IB

This is why the groups are constantly recruiting new members, create new phishing and scamming pages, and generally extend their operations as quickly as practically possible. According to Group-IB, apart from the workers and the admins responsible for the scheme material and the scamming activities, there are also callers involved who pretend to be tech support specialists. All in all, the researchers estimate the number of crooks involved in the “classicscam” operations to be around 5,000.



Intel Revises Manufacturing Process Development Roadmap and it Looks Promising

Intel declares ready to leave the ear of massive delays behind and finally get back on track.The American chipmaker promises to release...

Kazakhstan Blocks LinkedIn Over Illegal Casino Advertisements and Fake Accounts

Kazakhstan says LinkedIn violated its online advertisement rules and posted casino ads on the platform.For this reason and also for the existence...

Monero Bug May Have Exposed the Privacy of Transactions for a Small Number of Users

Monero transactions could be de-obfuscated thanks to a nasty bug in the decoy algorithm.The flaw affects transactions made quickly after a user...