By : Mohamed Elattar – Ali Eldeeb

Group-IP, the global company specializing in the field of cybersecurity based in Singapore, in coordination with the UAE Cybersecurity Council, revealed that the fraud-as-a-service known as "Classiscam" continues its global campaign clearly during the year 2023. Pages were designed Phishing for Operation ClassisCam to steal funds, payment data, and in some cases steal login credentials for Internet users' banking services. Group-IP experts and analysts found that the automated scheme uses bots from the Telegram app to create ready-to-use phishing pages that impersonate a number of companies operating in different sectors, including online stores, classifieds sites, and logistics operators.

According to the results issued by “Group-IB”, 251 unique brands from 79 countries were impersonated and used on phishing pages as part of the “Classiccam” scam during the period from the first half of 2021 to the first half of 2023. In addition In addition, the phishing templates and templates created for each brand have been modified to target different countries by modifying the language and currency used on the scam pages. A specific logistics brand was impersonated to target users in up to 31 countries.

Since the second half of 2019, when the Group-IB Computer Emergency Response Team, in cooperation with the company's Digital Threat Protection Unit, succeeded in uncovering the Classcam scam for the first time, 1,366 separate groups have been discovered taking advantage of this scheme on the Telegram application. . Group IP experts examined Telegram channels containing information related to 393 groups linked to the Classiscam scam, with more than 38,000 members, and which were active during the period from the first half of 2020 to the first half of 2023. During this During the period, these groups generated estimated profits of US$64.5 million. Since 2022, ClassScam scammers have introduced new innovations such as phishing schemes designed to steal victims' online bank account credentials, and some groups have begun using specific software to steal information.

As part of its mission to combat global cybercrime, Group-IB will continue to share the results of its studies related to the “Classiccam” fraud campaign, leveraging its digital risk protection solution, and in cooperation with legal bodies and authorities. Group-IB aims through this study to increase public awareness about the latest fraudulent methods and reduce the number of potential victims of this type of fraud.

The "Classiccam" scam first appeared in Russia, where the scheme was trialled and tested before being rolled out around the world. The popularity of the scam affiliate program increased in 2020, specifically after the spread of Covid-19, and the subsequent rise in the popularity of remote work and online shopping.

His Excellency Dr. Mohammed Al Kuwaiti, Chairman of the UAE Government Cybersecurity Council, said: “In light of the increase in the frequency of cyberattacks in recent years, the UAE has adopted a comprehensive approach to cybersecurity based on five basic pillars: enhancing global cooperation, encouraging partnerships between the public and private sectors, “Enhancing cybersecurity measures, fostering innovation, and strengthening the electronic knowledge society, with the aim of dealing with cyberattacks and limiting their repercussions. As digital transformation efforts continue at the country level, the focus on digitization remains one of the main factors to ensure a safe and prosperous digital landscape.”