Scam-as-a-Service ‘Classiscam’ Uses Telegram to Steal Millions
Researchers at Group-IB have identified a new scam-as-a-service that utilizes private messaging apps such as Telegram and WhatsApp to steal millions from its victims. The scam, dubbed Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate cybergangs. So far it is estimated that these cybergangs have made at least $6.5 million using the service throughout 2020.
Cyber-criminals who have bought the service begin their scam by publishing ‘bait ads’ on popular marketplaces and classified websites. These bait ads typically advertise products such as cameras, gaming consoles, laptops, and smartphones at deliberately set low prices. If a potential victim contacts the seller, they are asked to switch to a third-party messenger app, either WhatsApp or Telegram, in order to continue with the ‘purchase.’
If the conversation moves to Telegram, in which case the threat actors will utilize bots to continue communicating with the victim. With regards to Telegram, bots are accounts that operate by software, not people, and will utilize artificial intelligence in order to pass as human. At this stage, the attackers will only need to send the bot a link to the bait product for it to generate a full phishing kit. The phishing kit includes a link to either a fake popular courier service, such as DHL, or a scam website that is set up to mimic either a classified or a marketplace with a payment form.
Some of these fake pages even include a “refund” page that offers fake support lines for victims to call if they have realized they have been scammed. The “tech support” team is a member of the cybercriminal gang using the service. As a result of all this, the threat actor can obtain payment data and/or withdraws money through a fake merchant website. Another potential scenario involves a scammer contacting a legitimate seller under the guise of a customer and sending a fake payment form mimicking a marketplace and obtained via a Telegram bot. That seller could then receive the money from the scammer.
Researchers at Group-IB discovered at least 40 groups using Classiscam, with each running a separate Telegram chat-bot. At least 20 of these groups have focused on European countries, and, on average, make $61,000 a month. It’s believed that the 40 most active groups average $522,000 per month in total.
Sources: