A global scam-as-a-service operation known as Classiscam is continuing to evolve and target users in the Middle East and Africa (MEA) region. The scheme, which was first identified in Russia in 2019, uses Telegram bots to create phishing pages that impersonate legitimate companies, such as online marketplaces, classified sites, and logistics operators. These pages are designed to steal money, payment data, and in some cases, bank login credentials from unsuspecting users.
According to a new report by Group-IB, a global cybersecurity company, Classiscam has targeted users in 79 countries since H1 2021. The MEA region is the second most targeted region, after Europe. In H1 2023 alone, Classiscam groups made an estimated USD $64.5 million from their scams.
The report also found that Classiscam operators have become increasingly sophisticated in their methods. In addition to creating phishing pages, they are now also using information stealers and balance checkers to target victims. Information stealers are malware programs that can steal a victim’s personal information, such as their bank account details and passwords. Balance checkers are tools that can be used to check the balance of a victim’s bank account.
Group-IB is urging users in the MEA region to be aware of the Classiscam scam and to take steps to protect themselves. Some tips for staying safe include:
If you think you may have been a victim of the Classiscam scam, you should contact your bank immediately and report the incident to the authorities.
Group-IB will continue to monitor global Classiscam campaigns and work with law enforcement to take down these scams. Companies whose brand and likeness are impersonated by scammers are recommended to leverage Digital Risk Protection solutions that can actively monitor, identify, and take down phishing domains.
