A Russia-based hacker collective has expanded its operations in Singapore. The group is a famous threat actor known for stealing payment details from vendors and sellers on the internet. The scammer group uses this data to access the payment accounts and drains it to zero, leaving the victim party out of all the saved funds.
According to a report by the international cybersecurity company Group-IB, which is also credited with discovering the scammers, “Classiscam” is a scam-as-a-service operation that defrauds online sellers. The company claims that the scam has reached Singapore’s marketplaces and has been running covertly since March 2022.
The company has expressed its concerns regarding the threat actor and provided users with a thorough analysis of the situation and advice on avoiding falling victim to the scammers. It also states that Singapore residents may need to exercise extra caution when purchasing goods and devices from websites that may copy the design of the genuine website.
What is Classiscam?
Classiscam fraudsters are not an old group, nor does it belong to any bigger hacker groups. According to reports, Classiscam was first discovered in 2020 as a scam-as-a-service affiliate program. It runs on autopilot and is specifically designed to steal payment details from users on product websites like Amazon, Shopee, Alibaba, and more.
The report claimed that Classiscam uses “Telegram bots to coordinate operations and create scam pages in seconds,” making it an efficient tool for cybercriminals. By making it seem authentic, the scammers use these websites to scam people into giving them banking details, which can be used to transfer money.
Classiscam fraudsters first appeared in Russia and then propagated through Europe before entering the US markets. Its latest target is the Asia Pacific, specifically Singapore, which is home to over 147 E-commerce stores that operate daily.
How do Classiscam fraudsters operate?
Classiscam fraudsters operate in a pyramid hierarchy, where the top administration recruits new members and automates the scams. In contrast, the lower levels work on targeting people on eCommerce websites. The fraudsters rely heavily on bots, which automate the scams using online chat functions. In the case of Singapore, the hackers are reversing the techniques and instead targeting online sellers, not buyers.
To make this scam work, hackers use a unique phishing link inserted into an identical website that lures sellers to reveal their information. It works by making little changes to the fake website in the backend to display that a certain amount of payment has been made. This data helps win victims’ trust, and they try facilitating the delivery and other payment procedure by giving their credit card details.
However, since modern payment requires multiple-factor authentication, like a password or prompt, the hackers lead the seller to an online site that once again confirms the payment. This is where scammers exploit the OTP code. All the information they collected so far gives the fraudster enough material to drain the victim’s account.
How to tackle online scammers?
In its report, the report shared methods to identify and stop fraudsters. “Users should always check the URL domain to verify if it’s the official website before sharing any personal and payment details,” the report stated. Lastly, users and sellers alike should stay away from too-good-to-be-true offers.