Now entering its third year in business, the phishing platform, Classicam, represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide.
What do cybercriminals need for a successful attack? A convincing email, a list of potential target email addresses, and a website to extract payment details, bank login credentials, etc. And it’s the last part that’s usually the barrier to market for those that want to get into cybercrime.
But scam-as-a-service platform Classiscam has evolved its operations over the years, according to a new report by cybersecurity vendor Group-IB. It has created a template-based service where attackers can create brand impersonated webpages and support localization to expand attacks globally.
According to Group-IB, 251 unique brands were impersonated in the last two years in a total of 79 countries. Over 38,000 separate cybercrime groups have used this service from 2020 through this year, raking in an estimated $64.5 million to Classiscam during that time.
Used to target EMEA, Latin America, and APAC regions, the potential for this platform to expand operations into North America is high.
The real danger for organizations is the templated phishing sites. By continually monitoring and improving these sites, attackers are more successful. In other words, it becomes more likely that targets will become victims.
All the more reason to prop up your user’s sense of vigilance through continual security awareness training to help make the phishing attacks that precede the Classiscam pages obvious to the user.
Here's how it works:
