The invitation is to directly access the official web portals of electronic businesses.
Photo: Bloomberg Agency
“Distrust! Look how good they don’t give so much”, as simple as it may seem, this is part of the main recommendations offered by computer security professionals when asked about how to avoid falling for the scams that circulate on the Internet.
This recommendation applies perfectly to a campaign by cybercriminals that was recently detected, in which the identity of the renowned electronic commerce, Mercado Libre, is supplanted to defraud victims, stealing sensitive data (such as numbers, codes and expiration dates of credit cards). credit) to transact or resell such information on the black market of the dark web.
ESET, the computer security firm that detected this threat, details that the fraudulent site hooks its victims by offering extremely attractive prices. For example, one of the swindled said that he took the bait when he saw a scooter that was being offered for $160,000, when the market price of one of these can range from $1,200,000.
Also read: This is how you can prevent scams that take advantage of state subsidies
“The fake site seeks to steal users’ financial data and has been being distributed through advertisements on YouTube and Facebook. Although we have observed that this site has been used in campaigns aimed at users from Colombia, we also detected that it has been used in Brazil. In addition to the fact that some elements in the design of the site are in Portuguese, the fact that the country can be selected and that several options appear, such as Argentina, Chile O Mexicoallows us to believe that it is likely to be circulating in one of these countries”, explained the cybersecurity firm.
As he explains, the main point of access that victims of this scam have is the advertising that circulates on social networks. By clicking on it, the chances of ending up taking the bait are high, since the design of the fraudulent web portal is quite sophisticated, since it not only uses the logo and visual identity of Free marketbut also allows you to browse a wide variety of product categories, just like on the real website.
The degree of detail even reaches the point that each of the products has the possibility of choosing between different models, they have complete descriptions and even the possibility of choosing the type of currency (according to the country of origin), with which wants to make the transaction.
Also read: Don’t get scammed: this is how the “post affiliators” work in Colombia
As if that were not enough, the site is indexed in Google search engines (it appears in the search results when a person is looking for promotions or certain products through this browser), so it is possible that a user ends up biting the hook thinking that you are entering the real Mercado Libre site.
“Once the victim clicks on the purchase option, they are directed to a page that emulates the checkout process. This is where the attack actually takes place. This site is different from the first. The malicious actors used a very little used and disreputable payment platform. Within the fraud reporting sites, the company responsible for the development of this tool to make payments has several complaints and links to other buying and selling scams aimed at Argentina, Brazil and Colombia”, he explains. ESET.
Once inside, the scammers ask the victim to enter their credit card information to carry out the transaction, as well as other information such as their full name, email, identity document, residence address and telephone number.
It may interest you: Beware of the scams that circulate these days on WhatsApp
The cybersecurity firm warns that providing this data to computer criminals is dangerous, as they can use it for identity theft or fraud, in addition to marketing it on the dark web for a few cents.
“Once the false purchase is made, the victim sees their money withdrawn, but never receives the product. This is how several affected people tell their experiences on complaint sites about this same website, even claiming the receipt of low-value products such as metal bars in some cases, ”details the computer security company.
How not to be scammed by these types of threats?
From the outset, the golden rule is to be wary when the offer seems too good to be true. Although this does not mean that all promotions found on the internet are risky. This is why it is also important that you heed the following recommendations.
Take a look at the URL: Although many scammers manage to almost exactly replicate the websites they impersonate, there is an easy way to know if that page is legitimate or not, its URL. Make sure this is well written. For example, the web portal of Mercado Libre in Colombia is www.mercadolibre.com.co, immediately be suspicious if you see alterations such as www.mercadoolibre.com.co or www.mercadolïbre.com.co. Did you find the differences? in the first link there is another “o”, while in the second the “i” has an umlaut (double dot). Paying attention to these kinds of subtleties makes a difference.
You can also check if a website is secure because its url is accompanied by a lock. Although you should be careful with this, because fraudulent or dangerous websites have also been found with this lock. You can verify whether or not this is valid by clicking on it, selecting the option “the connection is secure” and then “the certificate is valid”. There, the security certificate of the website will be opened, for example, in the case of Mercado Libre, it clearly reads that it was issued for Mercado Libre.
Enter the official sites: It is also prudent to enter the official websites, in this case the electronic stores, and look for the promotion from there. If you still have doubts, you can contact the brand’s official channels to ask if the promotion you are seeing is legitimate or not.
Just as in the physical world, there are also threats in the digital world. Once again, the invitation is to act with caution and abide by all security recommendations. Look how cheap can be expensive.