A newly uncovered Russian-based cybercrime operation has been helping classified ad scammers steal more than $6.5 million from victims across the US, Europe, and the former Soviet States. Cyber-security firm Group-IB has been investigating the operation that they describe as a scam-as-a-service and named it Classiscam. Their report says that the scam began in early 2019 and initially only targeted Russian-based online markets and classified ad portals. The group expanded its operations last year by recruiting other scammers who could target users with other languages. Currently, the scammers are active in more than a dozen other countries. The scam operates by creating ads for non-existent products like cameras, gaming consoles, computers, smartphones, and other items that are priced well below market value. Once an interested buyer contacts the scammer, they would request the potential buyer to provide information to arrange the delivery of the product. After that is done, the attacker would then use a Telegram bot to generate a phishing page that mimics the original marketplace and uses a look-alike domain. Then the scammer sends a link to the look-alike domain that also contains payment details. Once the victim provides the payment details, the criminals use that data and attempt to purchase other items for themselves. The report from Group-IB claims that this is a very sophisticated operation with more than 5000 “workers” and had more than 40 Telegram channels at the end of 2020.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in