Selling something online? Watch out for this clever new scam

A credit/debit card stealing scheme that was initially discovered in 2020 has now been detected in Singapore.

As reported by Bleeping Computer, threat analysts at cybersecurity company Group-IB link it to “Classiscam,” a global operation that has targeted individuals in Europe, Russia, and the U.S.

[Image: An individual holding a phone and card. Credit: Karl Tapales/Getty Images]

Phishing sites that imitate Singaporean classifieds sites are created and spread via Telegram, which is becoming an increasingly popular platform for hackers, drug dealers, and cybercriminals in general. A total of 18 phishing-related domains connected to the scheme were uncovered.

Furthermore, by using one-time passcodes (OTPs) associated with the victim’s bank, scammers aim to divert funds away from the victim and into their own accounts.

The threat actors first contact the seller of an item on these classified sites to say they want to buy it, after which they send the URL of the phishing site.

Should the seller fall for the bogus URL and follow through, the site they load will resemble the classifieds portal, stating that the payment for buying the item has been processed successfully.

The seller is reportedly required to provide their full card details to receive the amount owed to them for selling their item, including their name, card number, expiration date, and the CVV code.

[Image: An infographic detailing an online scam. Source: Group-IB/Bleeping Computer]

From here, the seller is presented with a doctored OTP (one-time password) page, and the scammer can then use the OTP entered there, through a reverse proxy, on the actual bank portal.

Classiscam operates as an automated “scam as a service,” which is undoubtedly popular among the hacking community. It primarily targets users of classified sites, but its efforts also extend to banks, cryptocurrency exchanges, delivery companies, and moving companies, to name a few.

Classiscam is promoted and operated through Telegram channels; there are said to be around 90 active rooms at the moment. Since it launched in 2019, it has reportedly been behind $29 million in damages.

Group-IB highlights how the network is home to 38,000 registered users, all of whom receive around 75% of any stolen proceeds. Platform administrators, meanwhile, take the remaining 25% cut.

Although Group-IB has tracked down and blocked 5,000 malicious endpoints over the last three years, that hasn’t negatively affected Classiscam’s activity.

Ilia Rozhnov, Group-IB’s head of digital risk protection team, commented on the sophisticated nature of the scheme.

“Classiscam is far more complex to tackle than the conventional types of scams. Unlike the conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an inexhaustible list of links on the fly. To complicate the detection and takedown, the home page of the rogue domains always redirects to the official website of a local classified platform.”

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…