
A screenshot of the payment page where the users are required to provide their credit card information | Image: Group-IB
A new report by Group-IB reveals the growing threat of “Classiscam” scams in Central Asia, exploiting the increasing popularity of online platforms in the region. These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information.
How Classiscam Works
The Classiscam scam typically begins with a legitimate seller listing an item on an online marketplace. A fraudster posing as an interested buyer contacts the seller, often suggesting that they move the conversation to Telegram to avoid marketplace monitoring.
The scammer then lures the seller with a fake delivery website, designed to mimic reputable logistics platforms. These phishing sites contain forms that request the seller’s banking details under the guise of processing the transaction. As the report states, “Fraudsters now employ sophisticated methods with minimal resources, often sharing phishing links or attractive offers through social media or public chats, making these scams both highly effective and challenging to detect”.
Key Roles in Classiscam Operations
The report identifies several roles within Classiscam operations:
- Fake support: Fraudsters who create fake receipts and impersonate technical support.
- Data input: Operatives who enter stolen or fake data.
- Operators: Individuals who create phishing websites and lure victims.
Examples of Classiscam Tactics
Group-IB’s investigation uncovered various tactics used by Classiscam scammers:
- Impersonating buyers: Scammers contact sellers on online marketplaces and try to move the conversation to Telegram.
- Using fake delivery services: Scammers provide links to phishing sites that mimic legitimate courier services.
- Providing fake documents: Scammers send seemingly legitimate identification documents to gain the seller’s trust.
- Impersonating government officials: Scammers create phishing pages that impersonate government ministries to steal banking information.
Telegram Bots and Automation
The report emphasizes the use of Telegram bots to automate and scale Classiscam operations. These bots allow scammers to quickly generate phishing pages, select target countries, and choose services to mimic. As the report highlights, “Classiscam is an automated scam-as-a-service operation that uses Telegram bots to create fake websites mimicking legitimate services, deceiving victims into sharing their financial details.”
Impact and Recommendations
Classiscam scams pose a significant threat to users of online platforms in Central Asia, leading to financial losses and data theft. The report advises users to be cautious of unsolicited messages, verify website legitimacy, and avoid sharing sensitive information on unverified platforms.