What is Classiscam Scam-as-a-Service?

“The ‘Classiscam’ scam-as-a-service operation has broadened its reach worldwide, targeting many more brands, countries, and industries, causing more significant financial damage than before,” touts Bleeping Computer.

So just what is it?

What is Classiscam?

It’s a bird. It’s a plane. It’s – a pyramid? Classiscam is an enterprising criminal operation that uses a division of labor to organize low-level phishers into classified site scammers and takes a cut off the top. Once solo purveyors of dark web phishing kits, these entryway hackers have now found a flag to fly under, and it pays. Just more to some than others.

Like all criminal as-a-Service enterprises, it maximizes on the supply-chain nature exploits can have once you pull them apart. It just does it a little differently.

First discovered by Group-IB in 2019, the group grew to encompass 40 cybergangs and $6.5 million in profit within its first year. By 2021, it had netted a cool $19 million and could boast 38,000 in membership.

How Does Classiscam Work?

So how does it work? Based on Telegram, the encrypted messaging app, the Classiscam operation sells scam kits to interested parties. These parties then take roles, either as workers or callers. The workers interface directly with the customers and send them malicious links. They’re the boots-on-the-ground phishers, if you will, and they take home 70%.

Then there are the callers for when things go wrong. Do you need customer support? Is a payment not going through? These members moonlight as “support specialists” and help the operation go smoothly for the victim (ahem, “client”) involved. They take home about 10%.

And then there are the admins, the brains of the operations. They’re the ones that package and sell these scam kits, offer training, and provide (actually very helpful) resources to get newbies involved. They want you to feel successful as a budding scammer, and they’re ready to help you do so. They even come to the rescue when the banks block the card, and it’s their responsibility to keep the pipeline full of new recruits. For their efforts, they rake in about 20% off the top.

This well-oiled machine is just that: an organized underground operation whose efficiency and low bar-to-entry have made it a popular choice among those who have faced the trials of going it alone. Now, you don’t have to know everything. You don’t even have to do everything. You take an assembly-line job working your part of the scam, and you’re happy with what you get at the end of the day.

Think of it as a way to make the unpredictable world of commission-only criminality that much more dependable. And everyone wants a steady gig.

With Classiscam, scrappy is out. “Let’s get organized” seems to be the watchword, and the machine is turning into a bulldozer with each new cog.

Classiscam Stats

To further open our eyes, here is Classiscam by the numbers. Between H1 2021 and H1 2023,

• 251 unique brands have been targeted
• 79 countries have been affected
• Over 1,300 Classiscam groups have appeared on Telegram
• Earnings are estimated at $64.5M
• 393 affiliated groups have been investigated by Group-IB

And the average victim loses $353 per transaction, although in the UK, it’s higher: more than double $865.

Anatomy of a Scam

How would you know a Classiscam ploy when you see one? Chances are, you won’t.

You’ll be scrolling through your favorite classified site when an ad pops up for something you like. Let’s say it’s Facebook Marketplace, Amazon, Craig’s List or your local equivalent. You click it, buy the product (amazingly priced), and that’s that. Weeks later, your product never shows up, and your credit card bill is several hundred dollars higher. It’s as easy as that.

You call the company asking what went wrong, and they apologize. Supply chain issues. They say they’ll refund you, just not on the same card. Is there a bank account they can wire the money into? Perfect. They tell you to wait 3-5 business days, and it’s all over. A week later, and your bank account doesn’t look like it used to.

Everything about this scenario seems normal – the ad, the product, the order, the call. The only thing that doesn’t is the obvious. Classiscam has a great “thing” going because it mimics the architecture of legitimacy – these aren’t bad guys snarling through the phone asking for your money. It’s all so tame you wouldn’t notice it… Until you do.

And that’s only one route. There are a total of 63 bank login pages being impersonated between 14 different countries where unsuspecting victims are handing over their credentials without a fight.

Just Saying No to Unsolicited Deals

The more success the Classiscam model enjoys, the easier it is to recruit players to their ranks. One way to curb that success is to stay aware of the red flags and learn how to avoid them.

For instance,

• Never communicate outside the classified platform
• Keep in mind: Extremely low prices are just bait
• Avoid wiring money to sellers
• Use secure payment methods that offer fraud protection
• Scrutinize URLs for telltale signs, especially if the link is sent via a messaging site

Also, these criminals call from local numbers, so beware. No one expects the “scammer next door”, but with the magic of technology, that area code could be calling from 60,000 miles away.

The bottom line is that criminals are getting organized, sterilized, and efficient. They’re fighting (albeit amongst themselves) for fair pay, and they may even unionize. That last part is a lie, but it’s nearly as incredible as all the rest. Classiscam seems to have stolen a lot of dark web Lost Boys and put them to good work. Judging by the meteoric 10x rise in take-home since its inception, that work is paying off.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.