CIO News Hubb

Scammers targeting secondhand shopping sites

by admin
January 13, 2023
in Information Security


Cybercriminals use phishing attacks on secondhand shopping sites to scam buyers and sellers in real time.

Buying and selling secondhand items has become pretty popular, as there are some platforms that allow people to do it easily from home. One of these platforms is Vinted, which is a well-known site in Europe and North America to buy and sell secondhand clothes and other items.

In general, we don’t need to look much further than popular places where people do business to find cybercriminals and scammers perpetrating their crimes. I’m about to dive into a case of theft that took place on Vinted’s platform, but in reality, this kind of crime could have started in many different marketplaces of this kind.

The victim, whom we’ll now refer to as Helen, is a close friend of mine who is, in general, quite internet-savvy. She has been doing all her banking online for years, regularly shops in many different online shops (anything from Shein and Aliexpress to Amazon or Zara), and she’s also familiar with secondhand items platforms, where she both buys and sells items on a regular basis.

Helen had some items that had yet to sell on another platform, so she decided to give Vinted a try. She had friends who had been using it for some time, and with Vinted, Helen could reach a new audience that might be interested in the items that she was looking to sell: a painting and some women’s shoes.

She created her account on Vinted and uploaded the two items. She was pleasantly surprised when, in a matter of seconds, she received a couple of messages from two different people who were each interested in one of the items. To her, it was especially amazing because she had had the very same items for sale on another platform, where no one had shown any interest at all.

The first interested buyer on Vinted sent her a screenshot showing how he had paid for the item, and in that same screenshot was a request for the seller’s phone number. At the same time, the second buyer was asking for her phone number in order to proceed with the transaction after the payment was made. 

At this point, I should mention that prior to this incident, Helen had never fallen victim to any scam. In fact, she has been able to recognize phishing messages in the past (I’m her go-to security expert), and she knows that one has to be careful. However, this time the excitement and the rush of dealing with both sales at the same time got the best of her. She sent her phone number to the potential buyers.

A few moments later, she received two different SMS messages, both from the same sender (Vinted). The text was largely the same – the only difference was the last characters in the URL:

Receive payment and complete the sale https://sms2waw.win/XxxXxx

When clicking on it, Helen was redirected to a payment gateway with the Vinted logo on top of it, indicating that she had to fill in her credit card details to receive the payment. She went ahead and did so. After filling in the form, a loading symbol appeared, and it seemed that something went wrong. Thinking that it might be a problem with her credit card, Helen entered the details of a different card. 

A few minutes later, she received the following messages on WhatsApp:

Helen responded saying that she hadn’t received any notifications. Some minutes later, she received additional WhatsApp messages from a different phone number:

Finally, Helen received an SMS message with the name of her bank in the ‘From’ field:

To verify your bank card in the system, you must confirm the push notification in your bank’s app

Helen opened her bank app, and there was indeed a notification that she had to approve for a total amount of €299. She received additional instructions in WhatsApp:

At that moment, Helen decided to contact me. She sent me screenshots of the different messages she had received and filled me in on the rest of the story. I told her not to accept any payment and to block her credit cards right away (fortunately, this was an easy, two-click operation in her bank app). She reported the users to Vinted as well as the phone numbers to WhatsApp and canceled her two credit cards. Luckily, the scammers didn’t siphon money out of either of them.

Money is a great motivator, and it’s what drives cybercriminals. These bad actors are experienced liars and are skilled at playing with our feelings at the right time. This can cause us to make irrational decisions that under normal circumstances we would never make. 

Note: I’ve translated each of the messages included in this article into English from Spanish.





© 2022 CIO News Hubb All rights reserved.
