In 2020, cybersecurity experts from Group-IB discovered a new online scam, which they then named Classicscam. They then describe the process as a fully automated “scam as a service” that extracts money from users of classified ad sites. As a new wave has been gaining momentum since March this year, the organization is warning Internet users against this massive phishing campaign.
Its operation is as simple as formidable. Hackers directly contact the seller of a product and pretend to be ready to buy it. To do this, they redirect their victim to a fraudulent site, which they present as a money transfer platform. Of course, this is a phishing site. By clicking on it, the victim arrives on a page which states that the payment is pending. To receive it, she must enter her bank details.
On the same subject — Cryptocurrencies: hackers take advantage of the disastrous security of this start-up to steal 196 million euros
Hackers automate their scam to steal millions
After submitting their personal information, victims receive a one-time password that hackers use to log into their bank account via a reverse proxy. The latter then have free rein to seize the savings of their target. Group-IB claims to have closed more than 5,000 phishing pages over the past 3 years, which has not prevented the scam from spreading.
On the same subject — Hackers claim to have stolen the personal data of a billion people!
“Unlike classic scams, Classiscam is fully automated and could be widely distributed”explains the organization. “Scammers could create an endless list of links on the fly. » What they do not deprive themselves of. As of now, the network is said to have around 38,000 active users, who share the colossal loot of $29 million. Previously present in Europe and the United States, Classicscam is now claiming many victims in Singapore.