Learn How Scam-as-a-Service Automates Fraud by Unleashing a Swarm of Telegram Bots to Steal Data

Explore how Telegram bots empower the rise of Scam-as-a-Service, the new frontier of cybercrime.

PUBLISHED NOV 12, 2023

In this photo illustration, the logo of the social media application Telegram is displayed on the screen of an iPhone Getty Images | Photo illustration by Chesnot

Blowing the lid off the scandal

In the ever-evolving landscape of cybercrime, one nefarious trend of "Scam-as-a-Service" operations is rapidly gaining traction. These operations exploit the power of Telegram bots, allowing scammers to efficiently carry out their fraudulent activities. In this article, we delve into the world of Scam-as-a-Service, explore how Telegram bots play a pivotal role, and discuss the consequences of this escalating digital threat.

25 million users have joined Telegram secure messaging in the past 72 hours, Russian founder Pavel Durov announced on Tuesday. Getty Images | Photo illustration by Chesnot

Understanding Scam-as-a-Service

Scam-as-a-Service, known as SaaS for all the wrong reasons, is a malicious enterprise that leverages technology to make scams more accessible and effective. These operations offer turnkey solutions to fraudsters, enabling them to create and launch scams with ease. The latest report by Group-IB highlights one such operation, Classiscam, which has been making waves in 2023.

What is the Classiscam operation?

Classiscam is a fully automated service designed to siphon money and payment data from unsuspecting victims. What sets Classiscam apart is its cunning use of Telegram bots. These bots assist in creating ready-to-use phishing pages, impersonating a wide range of companies across various industries, including online marketplaces, classified sites, and logistics operators.

But the maliciousness doesn't stop at stealing money and payment data. The perpetrators behind Classiscam are also stealing login credentials for bank accounts, making them a multifaceted threat. The extensive reach of their phishing pages covers a staggering 251 unique brands from 79 different countries, illustrating the global impact of this digital menace.

Telegram bots: The silent assassins

Telegram bots are small, automated programs that can be integrated into Telegram chats or channels. These bots offer an array of functions and can be easily tailored to meet the user's specific demands, making them an attractive choice for scammers.

The role of Telegram bots

These bots can easily generate phishing sites by extracting data from legitimate websites. Moreover, they assist in preparing email templates and even engage users to provide personal details, all in a streamlined and efficient manner. The ease of use and versatility of Telegram bots make them ideal for criminals looking to automate their scams and target a wide range of victims.

Accessibility and democratization of cybercrime

Telegram's features, such as emojis, direct private chats, and a user-friendly mobile application, contribute to its popularity among scammers. What's even more alarming is that engaging in cybercrime on Telegram requires lower technical proficiency than accessing the dark web via Tor. This accessibility has democratized cybercrime data and made it more widespread.

In this photo illustration, the logo of the social media application Telegram is displayed on the screen of a tablet on January 13, 2021 in Paris, France. Getty Images | Photo illustration by Chesnot

Phishing kits and tutorials

Telegram offers a convenient marketplace for phishing kits that come complete with tutorials. These kits are designed to be user-friendly, even for those with limited technical knowledge. The affordability of these kits further lowers the entry barrier for potential cybercriminals, making it easier for them to target businesses.

Classiscam's global impact

Classiscam initially emerged in Russia, where it underwent rigorous testing before expanding globally. The surge in remote work and online shopping, accelerated by the COVID-19 pandemic, contributed to its rise in its usage.

Classiscam's expansion into APAC

Classiscam primarily targeted brands in Australia, and its success there led to operations in India, Hong Kong, Singapore, Sri Lanka, and Malaysia. Since the Group-IB Computer Emergency Response Team (CERT-GIB) first identified Classiscam's operations, 1,366 separate groups leveraging this scheme have been discovered on Telegram.

Between the first half of 2020 and the first half of 2023, these groups collectively amassed an estimated $64.5 million.

In this photo illustration, the logos of social media applications, Messenger, WeChat, Instagram, WhatsApp, Twitter, MeWe, Telegram, Signal and Facebook are displayed on the screen of an iPhone on January 13, 2021 in Paris, France. Getty Images | Photo illustration by Chesnot

Specialization within scam groups

As Scam-as-a-Service operations like Classiscam expand, the roles within these groups have become increasingly specialized. Classiscam scammers now offer features like balance checks to determine how much they can charge victims, and fake bank login pages to harvest user credentials. In total, Classiscam scammers have created imitation login pages for 63 banks in 14 different countries.

The future of Scam-as-a-Service and the role of Telegram

Classiscam and similar operations show no sign of slowing down. The combination of full automation and low technical barriers for entry ensures that they will remain a significant global threat in 2023.

As users navigate the digital realm, it is crucial to remain vigilant. Prioritizing online safety and being cautious of potential scams on social media and other digital platforms is essential. Always avoid suspicious sites and links, and be aware of the evolving tactics employed by Scam-as-a-Service operations.