Expanded Classiscam operations detailed

Individuals in Singapore selling through classified sites are being targeted by the expanded Classiscam credit card stealing campaign, which has already caused more than $29 million in damages from attacks against banks, delivery firms, cryptocurrency exchanges, and other service providers in the U.S., Europe, and Russia since 2019, according to BleepingComputer. Attackers behind the newest campaign leveraged 18 domains for phishing sites that are then promoted through Telegram bots, a report from Group-IB showed. Phishing site URLs are being sent to sellers who will be redirected to what seems to be a classifieds portal that indicates payment completion but requests sellers to input their complete card information. While more than 5,000 malicious Classiscam endpoints have already been blocked, the scam's fully automated nature has proved challenging to disrupt. "Unlike the conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an inexhaustible list of links on the fly. To complicate the detection and takedown, the home page of the rogue domains always redirects to the official website of a local classified platform," said Group-IB Digital Risk Protection Team Head Ilia Rozhnov.