Dozens of criminal gangs post fake ads on popular online marketplaces to lure unsuspecting users to fraudulent shopping sites or phishing pages that steal payment data. Some of the brands that cybercriminals have abused to carry out their scams are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL. The scam was first discovered in Russia by security researchers at Group-IB in the summer of 2019. The researchers named it "Classiscam", and it grew from 280 fraud pages to about 3,000 in less than a year.
However, this malicious "operation" was not limited to Russia, but has spread to other countries such as Bulgaria, France, the Czech Republic, Poland and Romania.
At least 40 gangs are running Classiscam, 20 of which are linked to Russia. The most profitable of them earn over $500,000 a month. Group-IB estimates that gangs operating in European countries have an average monthly profit of $61,000. In addition, fraudsters are estimated to have earned more than $6.5 million in 2020.
Scammers place ads on popular marketplaces and classifieds sites that claim to offer a variety of products (cameras, game consoles, laptops, smartphones) at low prices. When someone contacts them, the scammers move the conversation to a third-party messaging service. Group-IB also reports that fraudsters use local phone numbers when talking to a potential victim.
It is worth noting that fraudsters can present themselves as both sellers and buyers. When they pretend to be customers, they send a fake payment form obtained from a Telegram bot that impersonates a marketplace. The seller then receives a fake form requesting card details to receive the alleged payment.
According to Group-IB, Classiscam does not require technical knowledge, as Telegram bots provide a complete phishing kit. The scammer simply needs to send the chatbot a link to the "bait" product.
The researchers point out that there are more than 10 types of Telegram bots for brands in different countries. Operators also provide scripts that help scammers connect to foreign sites and speak to victims in their local language. By observing the Telegram bots, the researchers were able to see the details of the deals made by the scammers. They found that the managers get 20%-30% of the stolen money, while the associates who carry out the fraud get the rest.
Scams sometimes involve callers pretending to be customer support specialists. They get the smallest share (up to 10% of the stolen money).
By the end of 2020, Classiscam had more than 5,000 scammers.
Group-IB tried to contact all brands abused by Classiscam phishing activities, but despite the scale of the scam, there was no response, Dmitriy Tiunkin, head of Group-IB's Digital Risk Protection Department, told BleepingComputer. The investigator also stated that they are not aware of any law enforcement investigations into these thefts in Europe or the USA. This can be explained by the fact that Classiscam has just begun to expand in these areas. However, the Russian authorities are monitoring the fraud and have already arrested fraudsters who published fake advertisements.
Finally, Group-IB offers users some measures to protect themselves from Classiscam and other fraud attempts:
- Check the URL of any page that asks for payment details before providing them, especially if the link was received through a messaging app
- Keep the conversation on the official platform that mediates the transaction, so that it can serve as proof in case of attempted fraud
- Do not agree to deals that involve prepayment. Pay only after you receive the products you order
- Be careful when you see big discounts or incredibly low prices, as they may act as bait for a phishing page