Classiscam fraudsters are still going strong, racking up total victim losses of nearly $65 million since emerging from Russia several years ago to spread across the world. That’s the latest on the pyramidal crime syndicate from its cybersecurity nemesis, Group-IB.
The online criminal collective, which has become more sophisticated and nuanced since Group-IB shared its findings on Classiscam with Cybernews last year, has been using phishing campaigns to trick internet shoppers since 2019.
So-called “Classiscammers” typically impersonate legitimate classified sites, delivery services, hotel reservation portals, real estate rentals, e-tailers, carpooling services, and bank transfer platforms on bogus web pages designed to lure victims.
That ploy appears to have gone from strength to strength for Classiscam, which has seen its total estimated takings from cyber-grift more than double, from $30 million in August 2022 to $64.5 million one year on — and that’s just the stolen funds Group-IB has been able to track. These illicit profits are spread across nearly 400 sub-groups believed by Group-IB to be using the Classiscam template for digital fraud.
Group-IB says its digital detectives uncovered 1,366 separate Classiscam groups that “operated at any point between 2020 and 2023” and infiltrated Telegram channels belonging to 393 of these groups, which had more than 38,000 scammers between them.
Tech smart and AI-savvy
Originally a relatively straightforward operation, Classiscam has evolved to become more ingenious. Four years ago, its associate scammers manually created fake ads on digital marketplaces and classified sites, deploying social engineering techniques to trick users into ‘buying’ falsely advertised goods or services.
“Over time, Classiscam schemes have expanded to allow the fraudsters to pose as both buyers and sellers of items, and operations have become automated, which has lowered the barrier of entry for would-be participants,” said Group-IB. “Would-be cybercriminals can now leverage a range of automated tools to create a new Classiscam scheme – including a phishing site — in a handful of minutes.
This move to automation appears to reflect the growing trend among cybercriminals to leverage increasingly available AI-powered services. Bots are also being used to scale up Classiscam operations.
“Scammers now use Telegram bots and chats to coordinate operations and create phishing and scam pages in a handful of seconds, and many of the groups offer easy-to-follow instructions, and experts are on hand to help with other users’ questions,” said Group-IB.
It added: “Classiscam phishing pages can now include a balance check, which the scammers use to assess how much they can charge to a victim’s card, and fake bank login pages that they use to harvest users’ credentials, signifying that the scheme continues to evolve.”
Pyramid schemers add more tiers
Group-IB reports that scam groups affiliated with the pyramidal Classiscam syndicate have “become more specialized within an expanded hierarchy.”
Initially the structure of the syndicate consisted of three tiers: “admins” who set up operations including phishing web pages, “workers” who put the graft into the grift by carrying out social engineering campaigns, and “callers” who backed them up by posing as ‘technical support officers’ to help fool victims — giving the digital conman a human face, as it were.
Now our virtual pharoahs of crime have added two more levels to their nefarious enterprise: “developers” who specialize in creating and improving digital tools used by workers, and an extra support ‘department’ that offers (genuine) technical assistance to gang members as well as financial services.
And just how far does the pharoahs’ mighty cybercrime empire stretch, you might be asking?
According to Group-IB, quite far: at the time of writing, it has tracked Classiscam cyber-fraud campaigns in 79 countries — more than a third of the world’s total — with Europe targeted the most (384 schemes, around two-thirds of scam attempts using the model) followed by the Middle East and North Africa (112, roughly one in five).
Moreover, Classiscam’s mimicking of company brands ranges quite widely too — if cybercriminals can’t have their own legitimate business empires, they are evidently more than happy to impersonate those of others to get what they’re after.
Group-IB discloses that more than 250 “unique brands from various industries” have been impersonated on bogus Classiscam websites. Though, in characteristically clandestine fashion, it doesn’t tell us which ones.
They’ll hit you where it hurts
All joking aside, it’s fair to say that Classiscam is far from imperial-scale when it comes to the scope of its cybercrime ‘business.’ Compared to, say, the Ronin hackers who made off with $625 million in cryptocurrency in 2022, or the prolific Cl0p ransomware gang, its social engineering skulduggery might seem like small fry to some.
But according to Group-IB, individual losses from a single Classiscam range from $515 in Australia to $865 in the UK. If that was you or me on a Christmas spending spree, we might be forgiven for thinking Bad Santa had paid us a visit over the festive season — a loss like that at the wrong time can seriously mess with the household budget.
As such, Group-IB cautions all online shoppers to exercise due diligence to avoid becoming online fraud victims instead.
“Prior to entering your payment card details into any online form, verify the URL and perform a Google search to determine the creation date of the page you’re visiting,” it said. “If the site is relatively new, such as a couple of months old, it is likely to be a scam or phishing page.”
Meanwhile, businesses worried about their brand names or logos being hijacked by Classiscammers for illegal use are advised to fight fire with fire and opt for a shiny new AI solution.
“Traditional monitoring and blocking methods are insufficient against advanced scams,” said Group-IB. “Instead, it is crucial to employ AI-driven digital risk protection systems to identify and block adversary infrastructure. These systems regularly update their databases with information about adversary techniques, tactics, and new fraud schemes.”
In the interest of fair disclosure, it’s worth noting that Group-IB sells such systems and may therefore have an interest in making such a recommendation.
More from Cybernews:
Subscribe to our newsletter