A large-scale scam company, Classiscam, has been active for at least three years in the world thanks to a very surprising approach.
Classiscam is an out-of-the-ordinary scam operation, first discovered in Europe in 2019 and presumably originating in Russia, which continues to expand in Europe, the United States and Asia. If the principle of the scam is not revolutionary, its size and its mode of distribution attract attention.
The principle of Classiscam
Initially active in Russia, which computer security experts strongly suspect of being the place of origin of Classiscam, this system of massive fraud in banking information has subsequently known, so to speak, a great success. Indeed, Internet users have been victims in more than 64 countries including France, mainly in Europe and North America.
Classiscam’s modus operandi has also benefited greatly from the pandemic and the resulting confinement, during which online purchases have multiplied.
Concretely, scammers post advertisements for the sale of consoles or smartphones, at very reduced prices, in online sales places. When someone contacts them, they try to redirect the discussion to a messenger (WhatsApp, for example), on which they send a link to a fake payment page. And of course, when the victim enters their banking information, the administrators of these sites have direct access to it, in clear text.
Why does Classiscam stand out?
What is remarkable with Classiscam is not necessarily the innovation in the scam, but the scale at which it is practiced on the one hand: it is estimated that more than 90 groups of hackers use this system. And for each of these groups, there must be personnel. Because the creation of pages, fake advertisements, the registration of new accounts, the treatment of the recovered information, and especially the discussion with the victims require manpower. A profitable investment, since nearly 30 million dollars have been defrauded in this way since 2020.
On the other hand, the very principle of Classiscam makes the system quite exceptional. Because its creators, a priori, do not use it themselves. On the other hand, those who do must pay to be able to use this “service”. If it were a legal company, the principle would therefore be to pay for a license to use software, for example. Completely automated, this system allows people with no experience in the field to launch their small scam business, making it even more difficult to fight.
Sources: The Hacker News, Group-IB, Panda Security
1