{"id":22834,"date":"2024-05-31T08:39:40","date_gmt":"2024-05-31T12:39:40","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=22834"},"modified":"2024-06-19T10:36:23","modified_gmt":"2024-06-19T06:36:23","slug":"message-board-scam","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/message-board-scam\/22834\/","title":{"rendered":"How to sell your TV without losing your shirt (and banking data)"},"content":{"rendered":"

Popular message boards have long been a haven for scammers \u2014 you know, the ones who typically offer too-good-to-be-true deals on popular items? A brand new TV at half price? A near-mint-condition scooter with a 70% discount? A smartphone, still in the box and with receipt but 40% cheaper than retail? Scams, every last one.<\/p>\n

There\u2019s nothing complicated here: the scammer-seller asks the victim-buyer to pay for the given product through a special link<\/a>. The unsuspecting victim-buyer clicks the link, \u201cpays\u201d for the item, and loses their money. This common trick is known as scam 1.0<\/em> or the \u201cbuyer scam\u201d \u2014 and since most online buyers are already aware of it, it\u2019s practically vintage.<\/p>\n

Another fraudulent scheme is the \u201cseller scam\u201d or scam 2.0<\/em>, where scammers pose as buyers to deceive sellers. Let\u2019s break it down, and then discuss how to buy and sell safely on message boards.\n<\/p>\n

How the \u201cseller scam\u201d works<\/h2>\n

\nThe key difference between this scheme and the classic one is that the scammer pretends to be a buyer \u2014 not a seller. Scammers contact sellers with an offer to buy their product, but with a caveat \u2014 the transaction must be made as a \u201csecure payment\u201d on a \u201csecure\u201d site that acts as a guarantor. The scammer-buyer claims to have already deposited the funds into the system, and the victim-seller just needs to click a link (of course, a phishing one), enter their bank card details, and hit the \u201cReceive money\u201d button. And voil\u00e0! The banking card details are stolen, the account is drained, and the item stays on the shelf.<\/p>\n

First seen in Russia, this scam has spread around the world rapidly. We\u2019ve found evidence of it in Austria, Canada, France, Norway and Switzerland to date. We therefore recommend arming yourself with reliable protection<\/a>\u00a0before scammers target your country.\n<\/p>\n

Choosing a victim<\/h3>\n

\nMost often, scammers target listings that sellers promote through paid advertising. This indicates that the seller is more likely to have a nice fat wallet and is eager to make a quick sale \u2014 making them less likely to scrutinize a potential buyer\u2019s legitimacy. This sense of urgency plays right into the scammer\u2019s hands.<\/p>\n

Although businesses using message boards also use promoted listings, these are easy to identify by their high-quality photos and detailed descriptions. Therefore, scammers target only individual sellers who often have simpler photos, fewer reviews, and product descriptions that clearly haven\u2019t been written by a professional marketer.<\/p>\n

Finally, scammers look for sellers willing to share their phone number and switch the communication to external messengers. Whether the seller is willing to do so is ascertained through communicating with them.\n<\/p>\n

Warm-up and deception<\/h3>\n

\nHaving chosen a potential victim, scammers follow a fairly simple script: they greet the seller, ask a few questions (\u201cWhy are you selling? What condition is the item in?\u201d<\/em>), <\/em>and immediately proceed to the deal. The scammer says they\u2019re satisfied with the item, but can\u2019t pick it up in person \u2014 it needs to be delivered, which can be arranged after a \u201csecure payment\u201d. They then describe the payment scheme to the victim in detail:\n<\/p>\n

    \n
  1. I pay for your item;<\/li>\n
  2. You receive a link to receive the money;<\/li>\n
  3. You follow the link and enter your account number to get the money;<\/li>\n
  4. You\u2019ll be contacted by the order-processing service, which will pack, process, and ship the item to me.<\/li>\n<\/ol>\n

    \nIf the seller refuses such a payment method or insists on continuing communication on the official marketplace channel, the scammer simply disappears. There\u2019s no point in wasting time trying to persuade the seller, who\u2019s most likely one of our readers<\/a> and stays up to date with typical fraudulent tactics<\/a>.<\/p>\n

    However, if the victim falls for the trick, follows the phishing link and enters their payment details, the scammers immediately drain their bank account.\n<\/p>\n

    How to recognize phishing<\/h3>\n

    \nIn the scam 2.0 scheme, two types of phishing pages are particularly common. The first type replicates the marketplace listing page almost identically \u2014 with one small difference. See for yourself: this phishing page looks exactly like the original listing but, instead of the Inserent kontaktieren<\/em> (\u201cContact the seller\u201d) button, the scammer\u2019s button says Receive 150 CHF<\/em> (CHF = Swiss francs).<\/p>\n

    \"The<\/a>

    The original listing for a monitor (left) and the phishing page with the scam button on a fake site (right)<\/p><\/div>\n

    Upon clicking the link, the seller sees their listing on what they believe to be the legitimate marketplace site (although the website address differs from the original if they look closely). They click the \u201cReceive money\u201d button, and land on another phishing page with a form to enter their bank card details.<\/p>\n

    In the second type of phishing page, the scammers don\u2019t bother replicating the victim\u2019s listing and instead send them directly to a fake copy of a secure payment service like Twint.<\/p>\n

    Phishing pages for conducting a \"secure payment\"<\/a>

    Phishing pages for conducting a \u201csecure payment\u201d<\/p><\/div>\n

    As you can see from these screenshots, the potential victim needs to enter not only their bank card number but also the CVC code, cardholder\u2019s name, expiration date, as well as their email address and personal phone number. In the first case, they\u2019re even asked to disclose their account balance. With all this data, the scammers can effortlessly steal every last penny in the account.<\/p>\n

    This type of scam has been industrialized: entire groups of cybercriminals are involved, having developed specialized tools for deceiving both buyers and sellers on message boards as effectively as possible. You can read more about the inner workings of this illegal business in our investigation<\/a>.\n<\/p>\n

    How to trade safely on message boards<\/h2>\n

    \nTo avoid falling victim to scammers when selling or buying goods on marketplaces, follow these rules:\n<\/p>\n