Carding
In a new report, Group-IB researchers analyze the scam-as-a-service operation Classiscam, which has earned cybercriminals $64.5 million since it appeared in 2019 and is still operating four years later.
Classiscam campaigns initially began on classified websites, where scammers placed fake advertisements and used social engineering methods to convince users to pay for goods by transfer to bank cards.
Since then, Classiscam campaigns have become more automated and can be run on a variety of other services, including marketplaces or car sharing platforms.
The majority of victims were in Europe (62.2%), followed by the Middle East and Africa (18.2%) and Asia-Pacific (13%). The largest numbers of fraudulent Classiscam transactions were recorded in Germany, Poland, Spain, Italy and Romania.
Users in the UK lost the most money on average to Classiscammers, with an average transaction amount of $865. Next on the list were users from Luxembourg ($848 per transaction), Italy ($774) and Denmark ($730).
Classiscam, first discovered in 2019, is an umbrella term for an operation spanning 1,366 different groups on Telegram. The activity first targeted Russia and then spread throughout the world, penetrating 79 countries and impersonating 251 brands. Massive attacks began during the COVID-19 pandemic in 2020, fueled by the rise of online shopping.
Group-IB reported that Classiscam is the same as Telekopye, which Slovakia's ESET reported last week as a phishing kit for creating fake pages based on ready-made templates.
Victims are deceived by moving the conversation to instant messenger chats, where links are not blocked. Phishing pages are created on the fly using Telegram bots.
Campaigns targeting a specific group of countries also include fake login pages for local banks. Scammers collect the credentials to log in and transfer money to accounts they control.
In total, Classiscammers created resources that simulated the login pages of 35 banks in 15 countries. Targeted banks included banks from Belgium, Canada, the Czech Republic, France, Germany, Poland, Singapore and Spain.
Classiscam operators can act as both buyers and sellers. In the first case, the attackers claim that payment for the item has been made and trick the victim (i.e., the seller) into paying for shipping or entering their card details to complete the verification through a phishing page.
Classiscam groups used to have a pyramidal hierarchy consisting of three separate levels: administrators, who were responsible for recruiting new members and creating scam pages; workers who interacted with the victims; and callers posing as technical support specialists.
As of spring 2023, this pyramid has expanded and Classiscam groups now contain more people performing increasingly specialized tasks.
A significant change in how some groups operate is the use of information stealers to collect passwords from browser accounts and transfer data. Group-IB said it has identified 32 such groups that have moved from conducting traditional Classiscam attacks to launching stealer campaigns.
As stealer families become more reliable, multifaceted and accessible, they not only lower the barrier to entry into financially motivated cybercrime, but also act as a precursor to ransomware, espionage and other post-compromise tasks.