[ad_1]
The attackers contact a user who has posted an advertisement for the sale of a product on OLX, declare their interest in the purchase, and then claim that they have made the payment. However, to collect the corresponding amount, it would be necessary to access a link and enter the details of the card on which the amount should be transferred. Of course, this is a scam, the attackers stop any conversation after receiving the card details and the victims are withdrawing money from the account, CERT-RO warns.
How the attempted fraud works
Potential buyers are directly in touch with the OLX service users who sell certain products. Soon, under a certain pretext, the fake client transfers the OLX conversation to another communication channel, usually WhatsApp.
Most of the time, the received messages have a strange expression, even though they are in Romanian. It’s a sign that that text could have been translated with a tool available for free online. Grammatical errors or repetition of terms in the same sentence can be such clues, so analyze the information carefully before clicking!
The next step attackers take is to inform potential victims that the product has already been paid for. They generate a false link where the sellers are asked for the details of the card, including the CVV / CVC code, under the pretext of having paid for the marketed product. Unfortunately, this link leads to a phishing page, through which cybercriminals try to collect the card data of users.
How do we find out about this? Although that web page uses the visual identity of the OLX brand, in reality, if we analyze the domain name of the transmitted link (.xyz), we can see that we are NO longer on the official website (see image below), but on a malicious site. Also, the only time OLX requires card entry is when purchasing OLX ad serving or promotion services.
When the user enters the card data in these phishing sites, it automatically enters the possession of the attackers, who from that moment have the possibility to withdraw money from that card. Of course, any conversation stops after that point, and sellers are surprised not only that their money did not enter their account, but even that certain amounts were illegally withdrawn from their card.
In recent days, the CERT-RO team has been notified that attackers are using other visual identities for pishing sites, usually from reputable companies in Romania. An example would be FanCurier, as you can see in the images above.
Specialist recommendations to avoid fraud attempts
- Please carefully analyze and validate the received information before clicking on links or attachments from unknown sources! Why would you provide someone with the complete card details, including the transaction validation code (CVV)? Anyone with access to this data can use the card to make payments.
- You can scan these suspicious links with certain tools available for free online (for example, VirusTotal) if you do not have a security solution installed on your device to prevent malware infections or phishing attempts.
- Pay attention to the expression of the interlocutors in writing, as well as the grammatical correctness of the text! Often, the attackers are not of Romanian origin and use automatic text translation tools to converse with potential victims in their native language.
- If you fall into this trap, it is vital that you contact the card issuing bank as soon as possible to block the card and any illegal transactions on your account.
- If you have suffered material damage, you will need to file a report at the nearest police station to open an investigation.
[ad_2]
