Part 1 of our series about the history of scams detailed how disjointed thefts of social media and gaming accounts evolved into an organized criminal market. In Part 2, we looked at two further developments: dating and classifieds scams. Part 3 describes how scams spread globally.
In 2020, scammers started targeting online marketplace users in various post-Soviet countries, such as Belarus, Ukraine, Kazakhstan, and Kyrgyzstan. The fraud scheme was the same as before in terms of both technology and organization. The threat actors only needed to adjust their scripts to new marketplaces.
Spreading to Europe took a while. Apart from the language barrier, threat actors faced the problem of cashing out stolen money. Virtual bank cards did not work, and in order to receive payments, local bank cards were required, which were difficult to issue. The cashout process itself was challenging too.
The problem did not persist for long, however. Stealing from users in Europe was very profitable and worth the effort of overcoming the problems with withdrawing and cashing out stolen sums. Scammers quickly adopted and adjusted methods used by carders (criminals specializing in bank card fraud). Bank cards that had low balances and were available at very low prices were perfect for receiving money from European mammoths (scammer slang term for victims).
As groups started to target Europe, workers (a term used in the underground community to mean scammers as opposed to organizers or other members of scam groups) began adjusting to the fact that individual thefts were now not as quick as they used to be and the cost of cashing out rose to 50% of the stolen sum. However, such thefts were more profitable and much safer for threat actors. The risk of being arrested after stealing from a user in Europe is not big, given the challenges of international cooperation between police departments of different countries.
Modern scam groups can generate phishing pages for about a dozen platforms in various countries. Combining all functionalities in Telegram’s concise interface became difficult and some groups reverted to using admin panels.
A scammer hierarchy formed: more profitable European platforms are only available to skilled workers, while newcomers are offered activities in post-Soviet countries. Some groups have “elite” chats for the most successful workers.
The active development of the scam community attracted a lot of attention to the forums where it was active. Screenshots and usernames from these forums started appearing in analyses by cybersecurity researchers and in the media, drawing attention to the underground community. Forum administrators responded in the same way as in the case of ransomware: scammer forum threads got banned. This, however, did not affect scam groups much: the key teams were established a long time ago and newcomers are now recruited through ads in dedicated Telegram channels and even on TikTok.
Fraud schemes continue to evolve and scams are becoming ever more specialized. New services have emerged that provide “payment systems” designed to exclusively serve scammers. This reflects the overall popularity of cybercrime as a service, one example of which is a scheme called Classiscam mentioned in part 2 of our series.
Scams present a major threat worldwide, primarily targeting individuals rather than businesses. Anyone can become a victim, so it is important to always be vigilant about suspicious ads, classifieds, messages, and emails. Practicing good digital hygiene is a simple and effective way to stay safe online. You can learn more about it in our Medium post.
This series of articles was made possible by Group-IB’s Investigations team. With more than 1,400 closed cases under their belt, our investigators know the ins and outs of cybercrime and help people and businesses around the world to stop attacks, recoup damage from cybercrime, and bring threat actors to justice. Check how you can benefit from Group-IB’s investigations on our website.
