The Classiscam scam-as-a-service operation has grown into a $64.5 million worldwide threat, infiltrating 79 countries, according to cybersecurity experts at Group-IB.
The operation relies on Telegram bots to streamline the creation of convincing phishing pages impersonating brands across industries such as online marketplaces, classified sites and logistics firms. These pages aim to extract victims’ money, payment data and bank login credentials.
Group-IB’s analysis revealed that between H1 2021 and H1 2023, 251 unique brands were targeted by Classiscam phishing pages. These adaptable templates can be localized for different countries by adjusting language and currency, allowing scammers to target users efficiently. A single logistics brand was mimicked across 31 countries, showcasing the operation’s extensive global impact.
Since its identification in late 2019, Group-IB’s Computer Emergency Response Team (CERT-GIB) has identified over 1366 distinct Classiscam groups on Telegram. Analyzing 393 Classiscam groups operating between H1 2020 and H1 2023, with over 38,000 members, revealed a combined estimated profit of $64.5 million.
Read more on Classiscam: Dozens of Russian Groups Steal 50 Million User Passwords
Initially emerging in Russia, Classiscam gained traction during the Covid-19 pandemic, expanding from Europe to encompass the United States, Asia-Pacific, Middle East and Africa. By H1 2023, it had targeted 79 countries and 251 brands, a substantial rise from the initial 38.
The majority of victims (62.2%) were based in Europe, followed by the Middle East and Africa (18.2%), and the Asia-Pacific (13%). Germany, Poland, Spain, Italy and Romania experienced the highest number of transactions registered in Classiscam chats.
On a global scale, Classiscam victims lost an average of $353 each. However, among all countries, UK users faced the highest average losses to the scammers, with fraudulent transactions averaging $865. Luxembourg, Italy and Denmark followed closely with average losses per transaction of $848, $774 and $730, respectively.
Classiscam’s evolution from basic classified ads to intricate automated phishing pages has been facilitated by Telegram bots. Group-IB researchers also noted increased specialization within scam groups, creating a more efficient hierarchy.
With Classiscam’s persistent threat, Group-IB said it would continue monitoring activities, working with law enforcement and affected brands. Brands are encouraged to adopt Digital Risk Protection solutions to proactively combat phishing domains and avoid falling victim to scams.