Global scam operation ‘Classiscam’ expanded to Singapore

Every year, millions are lost to scams globally despite consumers and employees being informed and advised on the numerous types of scams targeting them. In fact, businesses continue to invest heavily in training their employees on how to spot scams and to easily fall for them.

Yet the problem is that despite this, scammers are now becoming more braver in launching their cyber-attacks that target specific organizations. The demand for data and information has also led to new types of scams in recent times.

In Singapore, financial and banking scams continue to be a big problem in the country. Earlier this year, there were reports of Singaporeans losing huge sums of their funds due to smishing scam campaigns targeting bank accounts. While the issue has since been solve, it served as a wake up call for many to be more vigilant when using their funds online.

Despite this, digital adoption in Singapore continues to grow quickly and there are still many scam that are targeting both members of the public and office workers as well. One scam in particular is Classiscam, a sophisticated scam-as-a-service operation. The Russian-speaking operation is now expanding globally, with 40 interconnected gangs in about a dozen schemes.

Group-IB which discovered the scam earlier this year, now reports that the scam has expanded to Singapore. In fact, ever since Classiscam’s appearance in Singapore, Group-IB Digital Risk Protection (DRP) team has detected a total of 18 domains intended to target buyers on the local classified website, however, according to the team, this number is believed to be significantly higher.

Group-IB has since reported its findings to the Singapore Police Force’s Alliance of Public-Private Cybercrime Stakeholders (APPACT) and the local classified website in question.

What is Classiscam?

Initially discovered in 2020 by Group-IB researches, the fully automated scam-as-a-service affiliate program is designed to steal payment and personal data from the users of popular classifieds and marketplaces.

Compared to other scams, Classiscam relies heavily on Telegram bots and chats to coordinate operations and create phishing and scam pages in seconds. The scam has already caused problems in Russia, Europe and the US and now has found its way to Asia Pacific.

The hierarchy of the Classiscam groups operates in a pyramid formation. A team of administrators is on top of the chain and responsible for recruiting new members, automating the creation of scam pages, registering new accounts, and providing assistance when the bank blocks the recipient’s card or the transaction. The administrator’s share is about 20-30% of the stolen sum. “Workers” receive 70-80% of the stolen sum for communicating with victims and sending them phishing URLs. All details of deals made by workers (including the sum, payment number, and username) are displayed in a Telegram bot.

The Group-IB Digital Risk Protection team has identified and categorized 380 different groups operating under the Classiscam model in Telegram since 2019, with 90 active groups at the time of this announcement. Currently, more than 38,000 scammers are registered in these groups, which is seven times more than in 2020. According to Group-IB’s estimates, globally, the damage from the Classiscam operations can be as high as $29,500,000.

In Singapore, Group-IB Digital Risk Protection used its extensive scam intelligence on the Classiscam operation and its patented Graph Network Analysis tool. The investigations revealed that the scammers designed a phishing tool that generates fake websites that mimic the official platform of a local classified website used for selling and buying goods. These fake links are generated using web panels or Telegram bots.

After initial contact with the legitimate seller, the scammers generate a unique phishing link that confuses the sellers by displaying the information about the seller’s offer and imitating the official classified’s website and URL. Scammers claim that payment has been made and lure the victim into either making a payment for delivery or collecting the payment.

Once a victim clicks “Receive funds”, they would be redirected to a phishing page where their payment card credentials are retrieved. After the scammers receive credit card details from the victim, they request OTP verification from the bank. This again is a fake OTP page. Once the victim submits the OTP code on the fake website, the scammers can transfer money to their accounts.

A growing scam problem in Singapore

For Ilia Rozhnov, head of the Digital Risk Protection team at Group-IB’s Global HQ in Singapore Classiscam is far more complex to tackle than the conventional types of scams.

“Unlike the conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an inexhaustible list of links on the fly. In the past three years, we have successfully blocked close to 5,000 resources that were part of Classiscam infrastructure. It was only possible because we were able to identify and eliminate adversary infrastructures which produce resources to support Classiscams with the help of AI-driven digital risk protection, enriched with data on adversary infrastructure, techniques, tactics, and new fraud schemes,” commented Rozhnov.

At the same time, brands that scammers impersonate are strongly encouraged to keep themselves updated with new scamming techniques and schemes. With a specialized Digital Risk Detection system, they can actively monitor and identify phishing domains and fake advertisements.

To avoid falling prey, steps can be taken to tackle the increase in online scamming. Users should always check the domain of the URL to verify if it’s the official website before sharing any personal and payment details.

Another recommendation is when communicating with the other party for sale of goods or services, to engage with online chat designed by official websites. Finally, like with conventional scams, individuals should be wary of too-good-to-be-true offers.

---

---

---