Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items.
This digitalization trend, however, has created fertile ground for sophisticated scam operations.
Among these, Classiscam has emerged as a particularly concerning threat, leveraging automation to create convincing fake websites that harvest financial information from unsuspecting victims.
The scam typically begins when fraudsters identify legitimate sellers on online marketplaces and pose as interested buyers.
Instead of using the marketplace’s native messaging system, which is typically monitored for suspicious activity, these actors persuade sellers to continue communications via Telegram, creating a more private environment where they can execute their schemes without detection.
Group-IB researchers identified that Classiscam operates as a scam-as-a-service operation, utilizing a network of coordinated participants with specific roles.
These include fake support specialists who create counterfeit receipts, data input operators who handle stolen financial information, and executors who generate and distribute phishing websites through pre-configured Telegram bots.
[Figure: Fake bots, marketplaces and support]
Once communication moves to Telegram, fraudsters claim to be located far from the seller and suggest using a delivery service for the transaction.
They provide links to convincing phishing websites that mimic legitimate logistics platforms, complete with professional-looking interfaces and payment forms designed to harvest banking credentials.
The technical sophistication of Classiscam is evident in its infrastructure. Analysis of a phishing site revealed code designed to collect banking credentials and track victim information.
The automation aspect is particularly concerning. Telegram bots like those used by the “Namangun Team” allow operators to generate phishing links instantly by selecting target countries and services.
The phishing pages are professionally designed, often including fake customer testimonials to build trust.
When victims enter their information, all data is logged and sent to the scammers via the Telegram bot.
Cybersecurity experts recommend maintaining all communications within marketplace platforms, carefully verifying external services, and never sharing sensitive financial information with unverified parties.
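A marketplace could screen its own chat messages for the pattern described above: a request to move to Telegram, followed by a link to a delivery site that is not a verified partner. The sketch below is an added example, not code from the article or from Group-IB; the partner domains, function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: the marketplace's verified delivery partners would go here.
DELIVERY_DOMAINS = {"fastpost.example", "cargoline.example"}
BRANDS = {d.split(".")[0] for d in DELIVERY_DOMAINS}
TELEGRAM_HOSTS = {"t.me", "telegram.me"}
URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.IGNORECASE)
TELEGRAM_WORD_RE = re.compile(r"\btelegram\b", re.IGNORECASE)

def classify_link(url):
    """Return 'telegram', 'partner', 'lookalike' or 'external' for one URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in TELEGRAM_HOSTS:
        return "telegram"
    if any(host == d or host.endswith("." + d) for d in DELIVERY_DOMAINS):
        return "partner"
    # A partner's brand name inside a host that is not the partner's own
    # domain (hyphens and dots ignored) is treated as a lookalike.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    if any(brand in squashed for brand in BRANDS):
        return "lookalike"
    return "external"

def review_conversation(messages):
    """Flag the hand-off pattern: move to Telegram, then a delivery link."""
    flags = set()
    for text in messages:
        if TELEGRAM_WORD_RE.search(text):
            flags.add("off_platform_request")
        for raw in URL_RE.findall(text):
            kind = classify_link(raw.rstrip(".,;:!?)"))
            if kind == "telegram":
                flags.add("off_platform_request")
            elif kind in ("lookalike", "external"):
                flags.add(kind + "_link")
    high = "lookalike_link" in flags or {"off_platform_request", "external_link"} <= flags
    risk = "high" if high else "medium" if flags else "low"
    return risk, sorted(flags)

# Constructed sample conversation, not taken from a real case.
SAMPLE = [
    "Hi, is the phone still available? Write me on Telegram, it is easier.",
    "I live far away, let's use delivery: https://fastpost-example.pay-order.test/track?id=4821",
]

if __name__ == "__main__":
    print(review_conversation(SAMPLE))
```

A match is a prompt for review or a warning to the seller, not proof of fraud: legitimate buyers also mention Telegram and share ordinary links.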
The post Classiscam Actors Automate Malicious Websites To Steal Financial Data appeared first on Cyber Security News.