Global Classicscam Operation Expands to Singapore

A global credit card-stealing operation has expanded to Singapore, according to details recently released by Group-IB security researchers. The operation, dubbed “Classicscam,” is a fully automated “scam as a service” platform that targets users of classifieds sites, banks, cryptocurrency exchanges, delivery companies, moving companies, and other types of service providers. It relies on Telegram channels (90 active right now) for promotion and operational coordination. Since its launch in 2019, it is estimated to have caused over $29 million in damages. According to Group-IB, the criminal network currently has 38,000 registered users who receive 75% of the stolen funds, while platform administrators receive 25%.

Analyst Notes

Due to the automated nature of the scam sites, end users and customers of organizations can be targeted swiftly. Phishing sites produced by the automated platform typically last only for a few days, and contain substantial sections that link back to an organization’s valid website; this makes rogue sites created by Classicscam difficult to detect and take down before funds are stolen.

The scam operates by convincing a user or employee that processing fees or delivery fees require the input of credit card information. Organizations should emphasize cyber security awareness training for both customers and employees that highlights typical features of such scams; in particular, at no point should a seller of an item or service be required to input their own credit card information for delivery or processing fees, especially for a bank or other financial service provider. Users should also be encouraged to work only with reputable platforms to which they navigate directly, and to be alert to any redirections to misspelled domains. Organizations should clearly communicate to users which communications channels and domains for their services should be trusted.