In a new scam that cybercriminals are targeting sellers on auction sites. Scammers no longer just send links to fake sites, but call with an offer of help.
Cybercriminals have combined two scams. They not only write, but also call
Criminals search for potential victims among private sellers on auction portals, and then contact them informing them of their willingness to buy the goods. These messages are often accompanied by links to crafted pages where they try to extort, among other things, online banking login details.
After sending the message, the criminals call the seller and – pretending to be a bank or transaction service employee – offer assistance in carrying out the transaction. The fact that they see about the planned sale of the item is supposed to make them more credible in the eyes of potential victims.
During the conversation, scammers inform that before the transaction is finalized and the funds collected, the money must be transferred to a special, secure account. In another version of the scam, they claim that the auction site must verify the seller’s details before collecting the money. This is of course a trap. The real goal of cybercriminals is to extort BLIK codes (for withdrawing funds from an ATM) and force the victim to approve the transaction in mobile banking.
What data should not be provided to bank “consultants”?
mBank also warns against providing sensitive data when talking to a person claiming to be a bank consultant or auction service employee – including BLIK codes and payment card details. Bank experts also advise to always carefully read authorization messages (in text messages and in the application), not to authorize transactions that we did not initiate ourselves.
It is also worth being especially careful on websites received in messages or e-mails, even if they are deceptively similar to the bank’s transaction service. First of all, we should not provide there login details and payment card numbers, the code for pairing the bank’s mobile application, and personal data – e.g. PESEL number and mother’s maiden name.
As mBank writes, cybercriminals have still not given up on old, but still effective methods. Thus, they send information about an alleged underpayment for shipment, electricity, etc. and a blocked account in a bank or streaming service.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
