‘Classiscam’ scheme targeting marketplace users through Telegram bot
Threat hunting company Group-IB published a report on a new scam scheme that they named “Classiscam.” The report reveals 40 or more groups currently running this scheme across Russia and Europe. The scheme involves a hierarchy of administrators, workers, and callers, who organize their activities through a Telegram bot. The scam itself targets customers of online marketplaces with a combination of baits, messages, and fraudulent sites to steal a victim’s money.
While there seem to be a couple of variations, here is the core of how the scam works: The malicious actors will create a bait ad on a legitimate marketplace, usually offering a high-value technology item with a significant discount. The actor will then send a request to the Telegram bot, which will provide the actor with scam materials for the ad (including a fraudulent payment page). When a potential victim contacts the actor through the marketplace, the actor will attempt to move the conversation to a messaging application like WhatsApp. There, the actor will provide the victim with a link to the fraudulent payment page.