Russian-Signature Scheme “Classiscam” Now Expanding to Europe

  • “Classiscam” operators are expanding their operations to European marketplaces.
  • The scammers are taking victims to IM tools like WhatsApp, and from there, to phishing sites.
  • Each of the 40 groups of actors participating is making an average of $61,000 per month.

The scheme known as “classiscam” concerns tricking people through fake classifieds on legitimate marketplaces, impersonating brands, and also delivery services. They first appeared in Russia about 18 months ago and peaked in the spring of 2020 as the world switched to remote working.

According to the latest reports from Group-IB researchers, they are now growing in Europe too, and it appears that the scammers are still mostly the same Russian actors.

Source: Group-IB

Group-IB has found Telegram bots that provide ready-made mimicking pages for the easy creation of fake but convincing classifieds. There are at least 20 large groups involved in the “classiscam” scheme that operate directly from Russia, and another 20 groups based in Poland, Romania, Bulgaria, the United States, and various post-Soviet countries.

The impersonated marketplaces include Leboncoin, Allegro, OLX, FAN Courier, Sbaza, and others. According to Group-IB’s estimations, the scammers made over $6.5 million in 2020 alone.

The ads usually offer popular consumer electronic items such as gaming consoles, laptops, smartphones, or cameras, and their price tags are set to a “too good to be true” range. When a victim is lured, the seller is taking them to WhatsApp by sharing a local number for an extra touch of persuasion. Because communications are taken outside the marketplaces the platforms don’t have a way to spot the scammers and ban them, while the victims are entering a space where they’re more vulnerable.

On WhatsApp, the scammer asks the victim to provide their contact and delivery information and shares a URL to a cloned courier service website. In other cases, fake payment sites are used for phishing the credentials from the victim and taking over their PayPal or online banking accounts. This way, the groups make an average of $61,000 per month, so the business is going very well for them.

Source: Group-IB

This is why the groups are constantly recruiting new members, create new phishing and scamming pages, and generally extend their operations as quickly as practically possible. According to Group-IB, apart from the workers and the admins responsible for the scheme material and the scamming activities, there are also callers involved who pretend to be tech support specialists. All in all, the researchers estimate the number of crooks involved in the “classicscam” operations to be around 5,000.

REVIEW OVERVIEW

Latest

Indian Banks and Finance Companies Targeted by Multi-Staged JSOutProx RAT Malware

Indian banks and financial institutions are being targeted by a multi-tier JSOutProx RAT that acts in two stages.The malware uses spear-phishing emails...

Mega Deletes 144,000+ User Accounts for Repeated Copyright Infringement

Mega has changed its policies and terminated over 144,000 accounts for repeated copyright infringement violations.The company says flagged data is taken down...

YouTube Creators Targeted With Phishing Scams Based on Cookie Theft Malware

Google discoverd a new Cookie Theft-based phishing scam that targeted channels belonging to YouTube creators.Actors were sending phishing emails and hijacking channels...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari