August 11, 2022

Threat analysts at Group-IB have uncovered a new credit card theft campaign aimed at stealing credit cards from sellers on classified sites via phishing.

The campaign ongoing in Singapore was recently discovered in March 2022 and is seen as part of a global operation called “Classicscam,” which was uncovered as early as 2020.

According to Group-IB, Classicscam is a fully automated “scam as a service” platform that target users of classified websites who try to sell or buy something listed on the sites.

The criminal network now has 38,000 registered users, who receive about 75% of the stolen amounts, while the platform administrators receive a 25% cut. It targets banks, cryptocurrency exchanges, delivery companies, moving companies and other types of service providers.

While it has previously been seen in Russia, Europe and the United States, the new campaign in Singapore uses 18 domains that served as a space for Telegram bots to create phishing pages.

In order to carry out an attack, the attackers approach the seller of an item with a fake intention to buy, then send them the URL of a generated phishing page. If the seller clicks on it, they will be taken to a malicious page, which deceives them that the payment has been completed.

The seller is asked to enter full card details in order to receive the money for the purchase. Next, the victim is sent a fake OTP page, while the Classicscam service uses this to log in to the real bank portal via a reverse proxy.

The sources for this piece include an article in BleepingComputer.