What Scam As A Service Learned from the Gold Rush

In 1848 with the gold rush just beginning a smart man named Sam Brannan opened up a mining supply store in Sutters Fort. He bought up every shovel, pick and pan in the area (investing about $70,000 at the time) and then sold that equipment to the flood of 49’ers that arrived to find gold.

Over the next year, he netted about $150,000 a month (about $4 million dollars a month in today’s money) and became one of the greatest beneficiaries of the entire gold rush.

Scammers today are discovering that selling tools to help other scammers scam is more lucrative than scamming themselves. And just like Sam Brannan did during the gold rush these scammers are making far more money than the scammers they sell their tools too.

The Emergence of ClassiScam

Group-IB, a global threat hunting, and adversary-centric cyber intelligence company has discovered that Russian-speaking scammers are targeting European marketplaces and classifieds ads by selling toolkits to scammers who then defraud unsuspecting victims.

The scheme is called Classiscam and it’s an automated scam as a service designed to steal money and payment data.

The scheme is unusual because rather than scam consumers directly, the group provides a toolkit for other scammers to use so that they can steal funds from unsuspecting shoppers online.

Classiscam leverages the learnings from old Sam Brannan that you can make more money selling shovels and pans during a gold rush than you can from mining. The only difference is that today’s gold rush is being driven by the Scamdemic that is spreading all over the world.

All told, Classiscam is estimated to have netted over $6.5 million in 2020.

Ready to Use Scam Pages for Scammers to Use

The scheme is unique because it involves providing other scammers (often newbies) with a toolkit including fake advertisements that they can use to steal money from consumers.

The group uses bots on Telegram and provides ready-to-use pages mimicking popular classifieds, marketplaces, and sometimes delivery services.

According to Group-IB, over 20 large groups, leveraging the scheme, currently operate in Bulgaria, the Czech Republic, France, Poland, Romania, the US, and post-Soviet countries, while 20 more groups work in Russia.

Telegram has quickly emerged as the go to place for fraudsters and scammers to exchange information, methods and how to guides of how to scam unwitting victims.

The Russian Group First Appeared in 2019 But Began Expanding

According to Group IB, this scheme first appeared in 2019, but then really shot up in 2020 as the lockdowns emerged and people began to spend more time working remotely.

The Russian scammers began recruiting and selling their services to scammers from other countries who could translate the pages and talk to victims in the local languages.

How The Scam Operates

As part of the scheme, scammers start by publishing scam ads on websites that spoof popular brands. Most of the time the ads are for popular electronics like cameras, consoles, laptops, and smartphones. The price of the items is usually ridiculously low which attracts victims.

The victims are lured into providing their contact information for delivery purposes and that is when the scammer goes to work.

The seller/scammer contacts the buyers and begins discussions through a 3rd party app like Whatsapp and use local phone numbers to seem more believable and trustworthy.

The scammer will send a payment link to the buyer and once the victim provided their credit card or payment details, the scammers would take the data and attempt to use it elsewhere to purchase other products.

The Scam as A Service Runs Like A Big Organization

The scammers operate as a highly efficient organization with a hierarchy that includes Admins, Workers, and Callers. The group actually resembles a pyramid scheme. Each group gets a cut of the profits.

Admins are the highest level

Admins are responsible for recruiting new members, creating scam pages and new accounts and providing assistance when cards are blocked. Admin’s take a 20% to 30% cut of the fraud amount.

Workers are the next level

Workers communicate with the victim and send the phishing URL’s. Their role is in localizing the scam in the country and making it successful. They will collect 70% to 80% of the fraud amount.

Callers are the lowest level

Callers are the lowest level in hierarchy and they pretend to be support specialist with the victims. They will only get 5% to 10% of the fraud funds.

Working in an organization can be quite lucrative. Group IB believes that there are approximately 5,000 workers currently. Those 5,000 workers are working in about 40 separate groups. Each group makes around $61,000 a month and the total haul for the entire ClassiScam operation is about $500,000 USD per month.