• $64.5m scam-as-a-service operation scales to target brands in 15 MEA countries
• Classiscammers have introduced new innovations, such as phishing schemes designed to harvest the credentials of victim’s online bank accounts, and some groups have begun to use information stealers. 
• The automated scheme uses Telegram bots to assist with the creation of ready-to-use phishing pages impersonating companies in a range of industries,

Singapore-based cybersecurity firm Group-IB revealed that the scam-as-a-service operation Classiscam is continuing its worldwide campaign well into 2023.

Classiscam originally appeared in Russia, where the scheme was tried and tested before being launched across the globe.

The scam-as-a-service affiliate program surged in popularity in spring 2020 with the emergence of Covid-19 and the subsequent uptick in remote working and online shopping.

The automated scheme uses Telegram bots to assist with the creation of ready-to-use phishing pages impersonating companies in a range of industries, including online marketplaces, classified sites, and logistics operators.

These phishing pages are designed to steal money, payment data, and recently in some cases, bank login credentials from unsuspecting internet users.

According to Group-IB’s findings, 251 unique brands in a total of 79 countries were featured on Classiscam phishing pages from first half of 2021 to first half of 2023.

Brings new innovations

In addition, the phishing templates created for each brand can be localised to different countries by editing the language and currency featured on the scam pages.

As a result, one particular logistics brand was impersonated by “Classiscammers” targeting users in as many as 31 countries.

Since the second half of 2019, when the Group-IB Computer Emergency Response Team (CERT-GIB) in cooperation with the company’s Digital Risk Protection unit first identified Classiscam’s operations, 1,366 separate groups leveraging this scheme have been discovered on Telegram.

Group-IB experts examined Telegram channels containing information pertaining to 393 Classiscam groups with more than 38,000 members that operated between first half of 2020 and first half of 2023. During this period, these groups made combined estimated earnings of $64.5 million.

Group-IB has noted how the threat actors behind Classiscam have worked, since inception, to formalise and expand the scam model’s operations.

From 2022 onwards, Classiscammers have introduced new innovations, such as phishing schemes designed to harvest the credentials of victim’s online bank accounts, and some groups have begun to use information stealers. 

Group-IB experts noticed how the scam scheme was exported first to Europe, before entering other global regions, such as the United States, the Asia-Pacific region, and the Middle East and Africa (MEA).

Low barrier of entry

“Classiscam shows no sign of slowing down and over the past year, we have seen scam groups adopt a new, expanded hierarchy, and roles within organisations are becoming increasingly specialised,”  Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team (MEA), at Group-IB, said.

Furthermore, he said that Classiscam will likely remain one of the major global scam operations throughout 2023 due to the scheme’s full automation and low technical barrier of entry.

As of first half of 2021, Classiscammers had targeted internet users in 30 countries as of first half of this year, the figure has risen to 79. In the same time period, the number of targeted brands on the global market has increased from 38 to 251.

More than 61 per cent of the Classiscam resources analysed by Group-IB experts that were created between first half of  2021 and first half of 2023 targeted users in Europe. Other heavily targeted regions were the Middle East and Africa (18.7% of resources) and the Asia-Pacific region (12.2%).

With the MEA region being the second most targeted by Classiscam, countries in the region encountered challenges with targeted brand activities. The UAE was no exception to this, with its emphasis on technological innovation and many large and prominent brands operating in the country.

“In response to the rising amount of cyberattacks in recent years, the UAE has introduced a multifaceted approach to cybersecurity erected by five pillars. By fortifying global collaboration, encouraging Public Private Partnerships (PPPs), reinforcing cybersecurity measures, nurturing innovation, and promoting a cyber-literate society, the UAE is actively remediating the impact of cyber incidents,” Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, said.

Related Posts:

• Need of the hour is to embrace real-time security posture analysis
• What is the point of cybersecurity?
• It’s 2023, do you know where your truth is?