From Novice to Scammer: How The Rise of Scam-as-a-Service Lowers the Bar for Cybercriminals

Alina BÎZGĂ

January 31, 2025


Note:  This article is intended for educational and informational purposes only. It aims to raise awareness about the mechanisms and dangers of Scam-as-a-Service (SaaS) and is not meant to promote or encourage participation in any form of fraudulent activity. All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

The last 10 years have seen a sharp increase in cybercrime. One of the most concerning developments is the emergence of Scam-as-a-Service (SaaS), which allows even inexperienced fraudsters without technological know-how to commit fraud en masse.

Bitdefender Labs Researcher Andrei Anton-Aanei has helped us expose the inner workings of one SaaS provider, shedding light on how the fraud operation thrives on platforms like Telegram and beyond.

Key Findings

  1. Low-cost entry to the scam world: The SaaS provider offers scam kits for as little as €150, making sophisticated scams accessible to individuals with no technical experience.
  2. Extensive reach: The group impersonates major brands across industries and has over 60 unique scams, targeting users in more than 20 countries.
  3. Ease of use: The fraud process is simplified by extensive toolkits, APIs, and automated Telegram bots, which eliminate the requirement for technical knowledge.
  4. Scam metrics: Buyers receive dashboards to track scam performance and refine their tactics based on user interaction data.
  5. Target diversity and scalability: The SaaS model amplifies the global reach and scalability of cybercrime, posing serious risks to individuals and organizations worldwide. Impersonated brands include Disney+, Netflix, UPS, Amazon, and Groupe Société Générale, targeting industries like streaming, postal services, telecommunications, and financial services.

What Is Scam-as-a-Service?

Scam-as-a-Service (SaaS) refers to a business model in which cybercriminals sell tools, templates, and services that enable even novice hackers to execute scams. With minimal effort or technical expertise, users can purchase ready-to-use scam kits that make it alarmingly simple for individuals to commit fraud on a significant scale.

The services offered include:

  • Phishing kits with cloned websites.
  • Telegram bots for automated victim interaction.
  • APIs and dashboards for scam performance tracking.

SaaS eliminates the need for coding or hacking knowledge, lowering the barrier to entry and enabling the mass proliferation of scams worldwide.

The Cost of Deception: How Becoming a Scammer Works

One of the most alarming aspects of the operation is the ease with which aspiring scammers can join the criminal ranks. Telegram’s encrypted messaging and anonymity create an ideal environment for these transactions, and applying is as simple as entering a Telegram group and following simple instructions.

This accessibility significantly lowers the barrier to entry, increasing the proliferation of scams and their reach. Users do not need technical expertise, as the SaaS model provides all the tools and guidance required to execute fraud successfully.

The fraud group operates with a transparent and accessible pricing model, offering scammers an entry point for as little as €150 per scam. This fee provides:

  • Clone pages of targeted services.
  • Dedicated Telegram bots to harvest victim data.

For cybercriminals, this low-cost package is an invitation to exploit unsuspecting victims with ease.

The cybercriminals have professionalized their operations, boasting over 60 unique scams. Each scam comes with demonstration videos, allowing potential buyers to evaluate the tools before purchasing. This level of detail reflects the group’s systematic approach to maximizing efficiency and scalability.

How It Works

  1. Setup Assistance: Buyers receive an API and a toolkit to deploy scams seamlessly.
  2. Data Collection: Telegram bots are pre-configured to collect victim data efficiently.
  3. Performance Metrics: A dashboard tracks user interactions and conversion rates, enabling scammers to refine their tactics in real time.

Impersonated Entities

The reach of the SaaS provider is vast, impersonating entities across industries and regions such as:

  • Streaming Services: Disney+, Spotify, Netflix, Shahid.
  • Postal Services: UPS, DHL, Colissimo (France), Canada Post Office, and others.
  • Telecommunications: Vodafone, SwissCOM.
  • E-commerce and Financial Services: Amazon, Paylib, Qonto (France), and Groupe Société Générale.
  • Government: L’Assurance Maladie (French National Health Service).

Examples of scam templates of impersonated brands:

Real-Life Examples

  1. Streaming Service Scams: Clone pages of Netflix and Disney+ prompt users to enter login credentials, which are then harvested for resale or further exploitation.
  2. Postal Service Scams: Victims receive fake delivery notifications impersonating UPS or Royal Mail, leading them to fraudulent payment pages.
  3. Financial Service Scams: Customers of Groupe Société Générale are tricked into sharing sensitive banking details through cloned websites.

These impersonations span over 20 countries, including France, Germany, Romania, Greece, the UK, the Netherlands, Canada, Poland, Japan, Hong Kong, and Saudi Arabia.

While the anonymity of Telegram might create a false sense of security for newbie scammers, participating in such activities carries severe legal risks. Laws in most countries treat phishing, identity theft, and fraud as serious crimes with penalties including imprisonment, financial penalties, and asset seizures.

How Individuals Can Protect Themselves

While scammers continue to refine their tactics, individuals can take proactive steps to protect themselves from falling victim to such schemes. Here are key measures to safeguard against scams:

  1. Verify links before clicking: Use tools like Bitdefender Link Checker to assess the safety of URLs. This free tool can identify cloned websites and alert you to potential phishing attempts.
  2. Be skeptical of unsolicited communications: Avoid clicking on links or downloading attachments from unexpected emails, texts, or messages, even if they appear legitimate.
  3. Enable Multi-Factor Authentication (MFA): Secure your online accounts with an additional layer of protection beyond just a password.
  4. Use detection tools: Use Bitdefender Scamio to detect scams in real time on WhatsApp, Facebook Messenger, your web browser, or Discord for free! Don't forget to help others stay safe by sharing the localized versions of Scamio in France, Germany, Spain, Italy, Romania, Australia, and the UK.
  5. Stay Informed: Regularly educate yourself about emerging scams and tactics used by cybercriminals.
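
To make the "verify links before clicking" step concrete, here is an added example (not from the article and not Bitdefender's Link Checker) of the kind of check that flags links borrowing one of the impersonated brand names without belonging to that brand's domain. The allowlist, the function names and the sample URLs are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit
# Constructed allowlist (an assumption for this example): brand keyword -> official domains.
OFFICIAL = {"netflix": {"netflix.com"}, "disneyplus": {"disneyplus.com"},
            "amazon": {"amazon.com"}, "ups": {"ups.com"}, "dhl": {"dhl.com"}}

def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if len(a) > len(b):
        a, b = b, a
    if len(b) - len(a) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
        else:
            edits += 1
            if len(a) == len(b):
                i += 1
        j += 1
    return edits + (len(b) - j) <= 1

def check_url(url):
    """Return (verdict, brand); verdict is 'official', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Simplification: the last two labels stand in for the registrable domain;
    # production code should consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    for brand, domains in OFFICIAL.items():
        if registrable in domains:
            return ("official", brand)
    # Look for brand names in subdomains, hyphenated labels and the userinfo part.
    haystack = host + "." + (parts.username or "").lower()
    tokens = [t for t in re.split(r"[.\-]", haystack) if t]
    for brand in OFFICIAL:
        for tok in tokens:
            # Near-miss matching only for longer names, to avoid noise on "ups"/"dhl".
            if tok == brand or (len(brand) >= 5 and within_one_edit(tok, brand)):
                return ("suspicious", brand)
    return ("unknown", None)

# Constructed sample URLs (reserved .example names, not real sites).
SAMPLES = ["https://www.netflix.com/login",
           "https://netflix.com.account-verify.example/login",
           "https://netfllx-billing.example/", "https://netflix.com@billing.example/",
           "https://ups-redelivery.example/pay", "https://startups.example/"]
RESULTS = {u: check_url(u) for u in SAMPLES}
```

A brand name that appears as a subdomain, inside a hyphenated label, with one character swapped, or before an `@` sign is reported as suspicious, while a hostname that merely contains a short brand string inside a longer word is not.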
