Raise It With Press Release

Technology Commerce / Lifestyle Food / Beverage Education Real Estate / Architecture

About us Pricing Media Partners PR College

Get Guaranteed Publications in minimum 40 Media Outlets for Just ~~S$50~~ S$25

/ Group-IB Exposes Scam-as-a-Service Operation Profiting USD $64.5 Million by Targeting APAC Brands

Group-IB Exposes Scam-as-a-Service Operation Profiting USD $64.5 Million by Targeting APAC Brands

PINPOINT PRSeptember 04 2023 00:00

-Group-IB's latest findings shed light on an ongoing scam-as-a-service operation known as Classiscam. -Substantial Profits: This operation has already generated a staggering USD $64.5 million for the scammers. -APAC Target: The operation's primary focus has been targeting reputable brands within the Asia-Pacific (APAC) region.

Singapore, August 31, 2023 — Group-IB, a global cybersecurity leader headquartered in Singapore, can reveal that the scam-as-a-service operation Classiscam is continuing its worldwide campaign well into 2023. In a new blog, Group-IB analysts detail how the automated scheme uses Telegram bots to assist with the creation of ready-to-use phishing pages impersonating companies in a range of industries, including online marketplaces, classified sites, and logistics operators. These phishing pages are designed to steal money, payment data, and recently in some cases, bank login credentials from unsuspecting internet users.

According to Group-IB’s findings, 251 unique brands in a total of 79 countries were featured on Classiscam phishing pages from H1 2021 to H1 2023. In addition, the phishing templates created for each brand can be localized to different countries by editing the language and currency featured on the scam pages. As a result, one particular logistics brand was impersonated by “Classiscammers” targeting users in as many as 31 countries.

Within the APAC region, the country with the highest number of brands targeted by Classiscammers was Australia (34.6% of regional total). Other heavily affected countries were India (11.5%), Hong Kong (10.3%), Singapore (7.7%), Sri Lanka (7.7%), and Malaysia (5.1%).

Since the second half of 2019, when the Group-IB Computer Emergency Response Team (CERT-GIB) in cooperation with the company’s Digital Risk Protection unit first identified Classiscam’s operations, 1,366 separate groups leveraging this scheme have been discovered on Telegram. Group-IB experts examined Telegram channels containing information pertaining to 393 Classiscam groups with more than 38,000 members that operated between H1 2020 and H1 2023. During this period, these groups made combined estimated earnings of USD $64.5 million. Group-IB has noted how the threat actors behind Classiscam have worked, since inception, to formalize and expand the scam model’s operations. From 2022 onwards, Classiscammers have introduced new innovations, such as phishing schemes designed to harvest the credentials of victim’s online bank accounts, and some groups have begun to use information stealers.

In line with its mission of combating global cybercrime, Group-IB will continue to share its findings about Classiscam, drawn from the company’s proprietary Digital RIsk Protection solution, with law enforcement authorities. The primary aim of this research is to raise public awareness about the latest scamming methods and reduce the number of victims of this scam operation.

Gone global

Classiscam originally appeared in Russia, where the scheme was tried and tested before being launched across the globe. The scam-as-a-service affiliate program surged in popularity in spring 2020 with the emergence of COVID-19 and the subsequent uptick in remote working and online shopping.

Group-IB experts noticed how the scam scheme was exported first to Europe, before entering other global regions, such as the Asia-Pacific (APAC) region, the United States, and the Middle East and Africa (MEA). As of H1 2021, Classiscammers had targeted internet users in 30 countries. Group-IB experts can reveal that, as of H1 2023, this figure has risen to 79. In the same time period, the number of targeted brands on the global market has increased from 38 to 251.

Figure 1: Classiscam overview, H1 2021 – H1 2023.

More than 61% of the Classiscam resources analyzed by Group-IB experts that were created between H1 2021 and H1 2023 targeted users in Europe. Other heavily targeted regions were the Middle East and Africa (18.7% of resources) and the Asia-Pacific region (12.2%). A full breakdown of the share of targeted brands by region can be found in Figure 2 (below).

Figure 2: Regional breakdown of targets in Classiscam campaigns H1 2021 – H1 2023

Within the APAC region, the country with the highest number of targeted brands was Australia (34.6% of regional total). Other heavily affected countries were India (11.5%), Hong Kong (10.3%), Singapore (7.7%), Sri Lanka (7.7%), and Malaysia (5.1%).

Figure 3: By-country breakdown of brands targeted in APAC Classiscam campaigns H1 2021 – H1 2023

The average amount lost by Classiscam victims worldwide was $353, although UK users lost the most, on average, to Classiscammers, as the average fraudulent transaction was $865. Users in APAC and MEA were less likely to fall victim to Classiscam schemes, although victims in Singapore lost $682 on average to the scam. In Australia, this figure was $515, and in Saudi Arabia (MEA), successful Classiscam schemes saw victims lose, on average, $525.

Figure 4: Leaders in average amount charged per fraudulent Classiscam transaction in H1 2023

What’s new?

Classiscam was initially launched as a relatively straightforward scam operation. Cybercriminals created fake ads on classified sites, and leveraged social engineering techniques to trick users into “buying” the falsely-advertised goods or services, whether by transferring money directly to the scammers or by debiting money from the victim’s bank card.

Figure 5: Example of phishing link generated by Classiscam when scammers act as buyers.

Classiscam operations have become increasingly automated over the past two years. The scheme now utilizes Telegram bots and chats to coordinate operations and create phishing and scam pages in a handful of seconds, and many of the groups offer easy-to-follow instructions, and experts are on hand to help with other users’ questions. A full rundown of how the Classiscam scheme works in practice is provided in the below Figure 6.

Figure 6: Classiscam scam-as-a-service scheme.

Over the past year, Group-IB researchers have seen roles within scam groups become more specialized within an expanded hierarchy. Classiscam phishing pages can now include a balance check, which the scammers use to assess how much they can charge to a victim’s card, and fake bank login pages that they use to harvest users’ credentials. At the time of writing, Group-IB experts found 35 such scam groups that distributed links to phishing pages that include fake login forms for banking services. In total, Classiscam scammers created resources emulating the login pages of 63 banks in 14 countries. Among the targeted banks were those based in Belgium, Canada, Czech Republic, France, Germany, Poland, Singapore, and Spain.

Figurе 7: Example of balance check now introduced to some Classiscam phishing pages. In this example, the victim is instructed to enter their bank balance as part of a verification check.

“Classiscam shows no sign of slowing down and the ranks of the Classiscammers are continuing to swell. Over the past year, we have seen scam groups adopt a new, expanded hierarchy, and roles within organizations are becoming increasingly specialized. Classiscam will likely remain one of the major global scam operations throughout 2023 due to the scheme’s full automation and low technical barrier of entry,” Afiq Sasman, Head of Group-IB's Computer Emergency Response Team in the Asia Pacific, said.

Group-IB will continue to monitor global Classiscam campaigns, engaging with both law enforcement and affected brands to assist in efforts to take down these scams. Companies whose brand and likeness are impersonated by scammers are recommended to leverage Digital Risk Protection solutions that can actively monitor, identify, and take down phishing domains.

About PINPOINT PR

PINPOINT PR is assisting Group-IB with media relations. Group-IB, with its headquarters in Singapore, is one of the leading solutions providers dedicated to detecting and preventing cyberattacks, investigating high-tech crimes, identifying online fraud, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), Asia-Pacific (Singapore), and Europe (Amsterdam). Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack, Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations. Group-IB’s Threat Intelligence system has been named one of the best in its class by Gartner, Forrester, and IDC. Group-IB’s Managed XDR, intended for proactively searching for and protecting against complex and previously unknown cyber threats, has been recognized as one of the market leaders in the Network Detection and Response category by KuppingerCole Analysts AG, the leading European analyst agency, while Group-IB itself has been recognized as a Product Leader and an Innovation Leader. Gartner has named Group-IB a Representative Vendor in Online Fraud Detection for its Fraud Protection. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks, with the company’s patented technologies at its core. Group-IB’s technological leadership and R&D capabilities are built on the company’s 20 years of hands-on experience in cybercrime investigations worldwide and over 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB. Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners. Group-IB's experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB's mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.

Contact

For more information, please contact: pr@group-ib.com +65 3159-3798 https://www.group-ib.com https://www.group-ib.com/blog