A threat group called Classiscam that dates back to the summer of 2019 was found to launch phishing attacks in 79 countries worldwide, impersonating 251 unique brands and reaping a total of $64.5 million in stolen earnings.
In an Aug. 31 blog post, Group-IB researchers said they discovered 1,366 Classiscam groups operating from the first half of 2020 to the first six months of 2023. Analysts from Group-IB’s Digital Risk Protection unit infiltrated Telegram channels belonging to 393 of these groups, which had more than 38,000 participants.
These campaigns originally started out on classified sites on which scammers placed fake advertisements and used social engineering techniques to convince users to pay for goods by transferring money to bank cards, explained the researchers. But the threat actors techniques evolved over time as the campaigns have become highly automated and are run on a host of other services such as online marketplaces and carpooling sites.
While starting in Russia, the scammers moved on to Europe and then the United States, the Asia-Pacific region, and the Middle East and Africa. More than 60% of the attacks were in Europe. UK residents lost the most money as the average loss per transaction in the UK was $865.
By leveraging automation, the attackers have been able to scale using the same scripts and methods, explained Tim Morris, chief security advisor at Tanium. Morris said AI has helped with believable content or “bait” — also with calls, phone centers, elaborate and real-looking websites.
“They are prolific because the methods are easy to replicate, making the barrier to entry really low,” said Morris. “Any would-be criminal will find this as simple and lucrative. It requires very little technical know-how, just a willing con artist’s creativity. Plus, don’t leave out the human trafficking element here. Many people have been ‘enslaved’ in call centers to conduct these scams.”
