Classiscam Scammers Deploy Automated Sites to Hijack Financial Data

Cybersecurity researchers have uncovered new details about the Classiscam operation, a sophisticated fraud-as-a-service scheme that has expanded its global footprint.

The criminal enterprise, which originated in Russia in 2019, has now infiltrated 79 countries and targets 251 brands across various industries.

Classiscam leverages an intricate network of Telegram bots and channels to generate phishing pages that mimic legitimate e-commerce, classified, and logistics websites.

These fraudulent sites are designed to steal financial data and credentials from unsuspecting victims.

AI-Enhanced Phishing and Automated Infrastructure

The operation has evolved to incorporate advanced technologies, including AI-generated phishing emails and voice cloning software, to create highly convincing scams.

Classiscam’s infrastructure has become increasingly automated, with Telegram bots capable of creating phishing and scam ad pages in mere seconds.

The cybercriminal groups behind Classiscam have implemented a hierarchical structure reminiscent of legitimate businesses.

According to the Report, this organization includes administrators, workers, and callers, each with specific roles in the fraud ecosystem.

Financial Impact and Targeting Strategy

Group-IB researchers estimate that Classiscam affiliates have amassed approximately $64.5 million in illicit earnings since the operation’s inception.

The scam primarily targets European countries, with Germany, Poland, Spain, Italy, and Romania experiencing the highest number of fraudulent transactions.

The average financial loss per Classiscam transaction globally is $353, with victims in the UK suffering the highest average losses at $865 per incident.

In a concerning development, Classiscam operators have broadened their tactics to include the creation of fake bank login pages.

This new strategy aims to harvest e-banking credentials from victims, potentially granting scammers direct access to financial accounts.

Analysts have identified 35 scam groups utilizing phishing sites that impersonate the login pages of 63 banks across 14 countries, including financial institutions in Belgium, Canada, the Czech Republic, France, Germany, Poland, Singapore, and Spain.

As Classiscam continues to evolve and expand its reach, cybersecurity experts urge increased vigilance among internet users.

Companies whose brands are being impersonated are advised to implement robust Digital Risk Protection solutions to monitor, identify, and take down fraudulent domains.

Meanwhile, consumers should exercise caution when engaging in online transactions, particularly on classified and marketplace websites, and avoid communicating with sellers outside of official platform channels.

Find this Story Interesting! Follow us on LinkedIn, and X to Get More Instant Updates