Since 2015, online marketplaces have surged in popularity, especially in developing nations, offering platforms for trading a vast array of goods, from used electronics to brand-new items. This digital transformation, however, has inadvertently paved the way for sophisticated scam operations. Among these, the Classiscam network has emerged as a particularly concerning threat, leveraging automation to craft convincing fake websites aimed at harvesting financial information from unsuspecting victims.
The Genesis and Evolution of Classiscam
First identified in 2019, Classiscam began its operations in Russia, targeting users on classified sites by placing fraudulent advertisements. Scammers employed social engineering techniques to convince users to pay for non-existent goods by transferring money to bank accounts controlled by the fraudsters. Over time, the operation expanded its reach, infiltrating 79 countries and impersonating 251 unique brands. The group’s activities have been particularly prevalent in Europe, accounting for over 60% of the attacks, with the United Kingdom experiencing the highest average loss per transaction at $865. ([scmagazine.com](https://www.scmagazine.com/news/classiscam-threat-group-leverages-automation-to-launch-phishing-attacks-in-79-countries?utm_source=openai))
Operational Tactics and Automation
Classiscam operates as a scam-as-a-service model, utilizing a network of coordinated participants with specific roles. These include fake support specialists who create counterfeit receipts, data input operators who handle stolen financial information, and executors who generate and distribute phishing websites through pre-configured Telegram bots. The automation aspect is particularly concerning, as Telegram bots allow operators to generate phishing links instantly by selecting target countries and services. The phishing pages are professionally designed, often including fake customer testimonials to build trust. ([thehackernews.com](https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html?utm_source=openai))
The Scam Process
The scam typically begins when fraudsters identify legitimate sellers on online marketplaces and pose as interested buyers. Instead of using the marketplaceās native messaging system, which is typically monitored for suspicious activity, these actors persuade sellers to continue communications via Telegram, creating a more private environment where they can execute their schemes without detection. Once communication moves to Telegram, fraudsters claim to be located far from the seller and suggest using a delivery service for the transaction. They provide links to convincing phishing websites that mimic legitimate logistics platforms, complete with professional-looking interfaces and payment forms designed to harvest banking credentials. ([thehackernews.com](https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html?utm_source=openai))
Technical Sophistication
The technical sophistication of Classiscam is evident in its infrastructure. Analysis of a phishing site revealed code designed to collect banking credentials and track victim information. When victims enter their information, all data is logged and sent to the scammers via the Telegram bot. This level of automation and coordination has allowed Classiscam to scale its operations rapidly, making it a formidable threat in the cybercrime landscape. ([thehackernews.com](https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html?utm_source=openai))
Global Impact and Financial Losses
The global impact of Classiscam is staggering. From its inception in 2019 through the first half of 2023, the network has reaped approximately $64.5 million in illicit earnings. The group’s activities have been particularly prevalent in Europe, accounting for over 60% of the attacks, with the United Kingdom experiencing the highest average loss per transaction at $865. Other regions, including the Middle East, Africa, and the Asia-Pacific, have also been targeted, demonstrating the group’s extensive reach. ([scmagazine.com](https://www.scmagazine.com/news/classiscam-threat-group-leverages-automation-to-launch-phishing-attacks-in-79-countries?utm_source=openai))
Recommendations for Users
To protect against such sophisticated scams, cybersecurity experts recommend maintaining all communications within marketplace platforms, carefully verifying external services, and never sharing sensitive financial information with unverified parties. Additionally, users should be cautious of unsolicited messages and offers that seem too good to be true, as these are often indicators of potential scams. ([thehackernews.com](https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html?utm_source=openai))
Conclusion
The rise of Classiscam underscores the evolving nature of cyber threats in the digital age. By leveraging automation and sophisticated social engineering tactics, these scammers have been able to exploit the trust and convenience associated with online marketplaces. As such, both users and platform operators must remain vigilant and proactive in implementing security measures to combat these ever-evolving threats.
