The so-called Classiscam scheme was discovered by Group-IB researchers who came across an automated scam-as-a-service designed to harvest money and payment data.
The Classiscam Scheme Explained
Group-IB came across an automated scam-as-a-service operation using Telegram bots and ready-to-use pages that mimicked classifieds, marketplaces, and delivery services.
First tested in Russia, the Classiscam is spreading across scammers in other countries as well. According to the researchers’ discoveries, at least 20 large groups currently leveraging the scheme model operate in Bulgaria, the Czech Republic, France, Poland, Romania, the US, and post-Soviet countries, while 20 more groups work in Russia. These 40 groups altogether made at least USD 6.5 mln in 2020, Group-IB said.
Furthermore, it appears that scammers are actively abusing brands of popular international classifieds and marketplaces, such as Leboncoin, Allegro, OLX, FAN Courier, Sbazar, and many more. The researchers sent notifications to the affected brands so that they can protect their companies from the scammers.
“Fighting the scam requires joint efforts by classifieds, marketplaces, and delivery services. It is also key to use advanced digital risk protection technology to ensure that any brand impersonating attacks are quickly detected and taken down,” the expert team said.
How does Classiscam work?
The scheme is based on scammers publishing bait ads on well-known marketplaces and classified websites. The ads usually feature various tech gadgets such as cameras, laptops, and game consoles, which are offered for sale at “deliberately low prices.” Once a potential buyer is lured into contacting the seller, the conversation will move to a messenger such as WhatsApp.
“It’s noteworthy that scammers pose as both buyers and sellers. To be more persuasive, the scammers use local phone numbers when speaking with their victims. Such services are offered in the underground,” the report noted.
Why is the Classiscam so successful?
Despite the many efforts of marketplaces and classifieds selling user goods to counter fraud attempts, users continue to fall for scams aiming at their personal and financial data. The way the operation works is similar to the mechanisms of other scams. Victims are typically asked to reveal their contact details “to allegedly arrange a delivery.”
The victim is later lured into opening an URL address leading them to a fake site mimicking a courier service or a classified/marketplace. There, the victim is prompted to reveal payment details. “Another scenario invlolves a scammer contacting a legitimate seller under the guise of a customer and sending a fake payment form mimicking a marketplace and obtained via Telegram bot, so that the seller could reportedly receive the money from the scammer,” the report revealed.
In April 2020, Australians financially impacted by the coronavirus pandemic were targeted by fraudsters attempting to steal their superannuation funds. In 2019, Australians lost more than $6 million to superannuation scams. People aged between 45 and 54 lost the most money.