A newly uncovered Russian-based cybercrime operation has been helping classified ad scammers steal more than $6.5 million from victims across the US, Europe, and the former Soviet States. Cyber-security firm Group-IB has been investigating the operation that they describe as a scam-as-a-service and named it Classiscam. Their report says that the scam began in early 2019 and initially only targeted Russian-based online markets and classified ad portals. The group expanded its operations last year by recruiting other scammers who could target users with other languages. Currently, the scammers are active in more than a dozen other countries. The scam operates by creating ads for non-existent products like cameras, gaming consoles, computers, smartphones, and other items that are priced well below market value. Once an interested buyer contacts the scammer, they would request the potential buyer to provide information to arrange the delivery of the product. After that is done, the attacker would then use a Telegram bot to generate a phishing page that mimics the original marketplace and uses a look-alike domain. Then the scammer sends a link to the look-alike domain that also contains payment details. Once the victim provides the payment details, the criminals use that data and attempt to purchase other items for themselves. The report from Group-IB claims that this is a very sophisticated operation with more than 5000 “workers” and had more than 40 Telegram channels at the end of 2020.
Analyst Notes
To protect oneself from against Classiscam and other fraud attempts, the Group-IB report recommends the following actions: check the URL for payment details before giving any information, especially if it is received through a private message. If the link looks suspicious in any way, then it is probably malicious. Keep conversations on the official platform that would be able to mediate the transaction so they can serve as evidence if any fraud occurs. Do not participate in deals that involve prepaid transactions—pay only after the goods have either been received or verified. Unusually large discounts or amazingly low prices are generally a clue that the item is a fake. The adage, if it’s too good to be true then it isn’t true, should be applied in these cases.
Source Article: https://www.bleepingcomputer.com/news/security/telegram-based-phishing-service-classiscam-hits-european-marketplaces/
