Russian-Signature Scheme “Classiscam” Now Expanding to Europe

By Bill Toulas / January 15, 2021

The scheme known as “classiscam” concerns tricking people through fake classifieds on legitimate marketplaces, impersonating brands, and also delivery services. They first appeared in Russia about 18 months ago and peaked in the spring of 2020 as the world switched to remote working.

According to the latest reports from Group-IB researchers, they are now growing in Europe too, and it appears that the scammers are still mostly the same Russian actors.

Source: Group-IB

Group-IB has found Telegram bots that provide ready-made mimicking pages for the easy creation of fake but convincing classifieds. There are at least 20 large groups involved in the “classiscam” scheme that operate directly from Russia, and another 20 groups based in Poland, Romania, Bulgaria, the United States, and various post-Soviet countries.

The impersonated marketplaces include Leboncoin, Allegro, OLX, FAN Courier, Sbaza, and others. According to Group-IB’s estimations, the scammers made over $6.5 million in 2020 alone.

The ads usually offer popular consumer electronic items such as gaming consoles, laptops, smartphones, or cameras, and their price tags are set to a “too good to be true” range. When a victim is lured, the seller is taking them to WhatsApp by sharing a local number for an extra touch of persuasion. Because communications are taken outside the marketplaces the platforms don’t have a way to spot the scammers and ban them, while the victims are entering a space where they’re more vulnerable.

On WhatsApp, the scammer asks the victim to provide their contact and delivery information and shares a URL to a cloned courier service website. In other cases, fake payment sites are used for phishing the credentials from the victim and taking over their PayPal or online banking accounts. This way, the groups make an average of $61,000 per month, so the business is going very well for them.

Source: Group-IB

This is why the groups are constantly recruiting new members, create new phishing and scamming pages, and generally extend their operations as quickly as practically possible. According to Group-IB, apart from the workers and the admins responsible for the scheme material and the scamming activities, there are also callers involved who pretend to be tech support specialists. All in all, the researchers estimate the number of crooks involved in the “classicscam” operations to be around 5,000.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari