A credit/debit card theft scheme that was initially discovered in 2020 has now been detected in Singapore.
As reported by Bleeping Computer, threat analysts at cybersecurity company Group-IB link it to “Classiscam,” a global operation that has targeted people in Europe, Russia, and the United States.
Phishing sites that mimic Singapore classified sites are created and spread through Telegram, which is becoming an increasingly popular platform for hackers, drug dealers and cybercriminals in general. A total of 18 phishing-related domains connected to the scheme were discovered.
Additionally, by using one-time passwords (OTPs) associated with the victim’s bank, scammers aim to divert the victim’s funds into their own accounts.
Threat actors initially contact the seller of an item on these classified sites to say that they want to purchase it, after which they send a phishing site URL.
If the seller opens the fake URL and proceeds, the site they load resembles the classifieds portal and indicates that the payment for the item has been successfully processed.
The seller is reportedly required to provide their full card details to receive the amount due for selling their item, including their name, card number, expiration date and CVV code.
From here, the seller is shown a fake OTP (one-time password) page; the scammer can then use the code entered there on the real banking portal through a reverse proxy.
Classiscam operates as an automated ‘scam as a service’, which is no doubt popular with the hacker community. It primarily targets users of classified sites, but its efforts also extend to banks, cryptocurrency exchanges, delivery companies, and moving companies, to name a few.
For promotion and operations, Classiscam relies on Telegram channels: around 90 rooms are said to be active at the moment. Since its release during 2019, it has reportedly been behind $29 million in damage.
Group-IB highlights how the network is home to 38,000 registered users, all of whom receive around 75% of the stolen profits. The platform administrators, for their part, take the remaining 25% cut.
Although Group-IB has tracked and blocked 5,000 malicious endpoints in the last three years, this has not negatively affected Classiscam’s activity.
Ilia Rozhnov, head of Group-IB’s digital risk protection team, commented on the sophisticated nature of the scheme.
“Classiscam is much more complex to tackle than conventional types of scams. Unlike conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an endless list of links on the fly. To complicate detection and takedown, the home page of malicious domains always redirects to the official website of a local classified platform.”
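The evasion Rozhnov describes leaves a detectable pattern: a non-official domain whose home page redirects to the real classifieds site while a deep link on it serves a card-details form. The following is an added example, not code from Group-IB or the original report; the domain names, field names and the crawl-observation format are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the official classifieds domain being protected (placeholder name).
OFFICIAL = "classifieds.example"
# Assumed input names that indicate a page asks for full card details.
CARD_FIELDS = {"cardholder", "card_number", "expiry", "cvv"}

def is_official(host):
    """True only for the official domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def assess(obs):
    """Classify one crawl observation (hypothetical crawler output)."""
    if is_official(obs["domain"]):
        return "official"
    reasons = []
    # Signal 1: the home page bounces visitors to the real platform.
    target = obs.get("root_redirect")
    if target and is_official(urlsplit(target).hostname):
        reasons.append("root redirects to official site")
    # Signal 2: the reported deep link is live and asks for card details.
    fields = {f.lower() for f in obs.get("deep_form_fields", [])}
    if obs.get("deep_status") == 200 and len(fields & CARD_FIELDS) >= 2:
        reasons.append("deep link collects card details")
    if len(reasons) == 2:
        return "suspicious: " + "; ".join(reasons)
    return "review" if reasons else "no signal"

# Constructed sample observations; none of these are real domains or crawl data.
SAMPLES = [
    {"domain": "classifieds.example", "root_redirect": None,
     "deep_status": 200, "deep_form_fields": ["search"]},
    {"domain": "classifieds.example.pay-order.test",
     "root_redirect": "https://www.classifieds.example/",
     "deep_status": 200,
     "deep_form_fields": ["cardholder", "card_number", "expiry", "cvv"]},
    {"domain": "fan-blog.test", "root_redirect": "https://classifieds.example/",
     "deep_status": 404, "deep_form_fields": []},
    {"domain": "newsletter.test", "root_redirect": None,
     "deep_status": 200, "deep_form_fields": ["email"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["domain"], "->", assess(sample))
```

Neither signal is conclusive alone, so a single match is returned as "review" rather than "suspicious".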