The notorious “Classiscam” scam-as-a-service operation has significantly extended its global reach, directing its efforts toward a broader range of brands, countries, and industries, resulting in heightened financial havoc.
This operation, akin to ransomware-as-a-service models, utilizes Telegram-based channels to recruit affiliates who employ phishing kits to fabricate counterfeit ads and webpages. These deceitful platforms are designed to pilfer money, credit card information, and, more recently, banking credentials from unsuspecting victims.
Following a revenue-sharing scheme, the developers and affiliates collaborate, with the former receiving 20-30% of the proceeds and the latter claiming the remainder.
Group-IB first uncovered this criminal enterprise in 2019, observing its rapid expansion and collaboration with 40 cybercrime gangs that amassed $6.5 million in 2020. In 2021, the Classiscam operation evolved further, encompassing 90 Telegram channels distributing scam kits, engaging 38,000 registered members, and resulting in an estimated $29 million in total damages.
Group-IB’s latest findings indicate that Classiscam’s earnings have soared to $64.5 million, as it exploits classifieds sites to swindle users and pilfer their funds and payment card information.
The operation’s scope has also expanded to encompass 251 targeted brands, with 393 criminal gangs operating across 79 countries and coordinating through a vast network of 1,366 Telegram channels. As Europe remains a primary focus, particularly Germany, Poland, Spain, Italy, and Romania, users in the UK suffered the highest average loss per Classiscam transaction at $865, underscoring the severity of this threat.
