Hackers Steal Credit Cards From Classified Sites Via Phishing

Share post:

Threat analysts at Group-IB have uncovered a new credit card theft campaign aimed at stealing credit cards from sellers on classified sites via phishing.

The campaign ongoing in Singapore was recently discovered in March 2022 and is seen as part of a global operation called “Classicscam,” which was uncovered as early as 2020.

According to Group-IB, Classicscam is a fully automated “scam as a service” platform that target users of classified websites who try to sell or buy something listed on the sites.

The criminal network now has 38,000 registered users, who receive about 75% of the stolen amounts, while the platform administrators receive a 25% cut. It targets banks, cryptocurrency exchanges, delivery companies, moving companies and other types of service providers.

While it has previously been seen in Russia, Europe and the United States, the new campaign in Singapore uses 18 domains that served as a space for Telegram bots to create phishing pages.

In order to carry out an attack, the attackers approach the seller of an item with a fake intention to buy, then send them the URL of a generated phishing page. If the seller clicks on it, they will be taken to a malicious page, which deceives them that the payment has been completed.

The seller is asked to enter full card details in order to receive the money for the purchase. Next, the victim is sent a fake OTP page, while the Classicscam service uses this to log in to the real bank portal via a reverse proxy.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Apple reduces forecasts for Vision Pro as demand cools in key US market

In an unexpected shift, Apple has drastically reduced its shipment forecasts for the upcoming Vision Pro, indicating a...

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

AI surpasses human benchmarks in most areas: Stanford report

Stanford University’s Institute for Human-Centered Artificial Intelligence (HAI) has published the seventh annual issue of its AI Index...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways