The Internet Security Office frequently warns about new ways that cybercriminals have to trick their victims. Today they report new cases that are taking place and that have as their main target those who sell their products on websites and applications for the purchase and sale of second-hand items such as Wallapop or Vinted.
This is how this new scam works on Wallapop or Vinted, which is starting to become more frequent.
Be careful if you sell on Wallapop or Vinted
The Internet Security Office reports a new method that cybercriminals are using to scam. On this occasion, his focus of interest is sellers on second-hand trading platforms such as Wallapop or Vinted.
These criminals show interest in buying a product and try to get the seller and potential victim to continue the communication outside the platform , in any other instant messaging application such as WhatsApp or Telegram.
Once there, they report an alleged payment for the product, attaching a fraudulent link that impersonates the Wallapop or Vinted platform , indicating that the seller must enter their data to complete the transaction.
In said link, the victim is instructed that they must enter their card details in order to make a transfer of money from the alleged buyer. In reality, it is a case of phishing in which the bank details entered are not for you to receive the payment, but your bank information is stolen and can be used for unauthorized purchases.
How to avoid this fraud
The simplest solution if you are a seller on Wallapop or Vinted is that you only communicate through the platform’s internal chat and do not reach an external medium such as email or WhatsApp unless it is necessary for an emergency. In addition, it only accepts transactions within the payment system of the application itself so that the transaction is protected against any incident.
If a user, mainly one who, due to the short time they have been registered makes you suspicious, insists on taking the conversation outside the app in question, report their profile using the reporting options of the app itself.
Some security tips that the OSI suggests to carry out transactions on trading platforms safely, applicable to this and other cases, are the following:
- Check if the buyer has recently registered, fraudulent buyers usually have only been on the platform for a short time.
- Review previous reviews and profile verification.
- If the buyer asks you to continue the communication outside of the platform, they are suspicious, their objective is to leave no trace in order to carry out the fraud.
- Do not accept payment by any alternative method to the platform.
If you have read this security notice later than you should have and you have already been stung, go and file a complaint with the State Security Forces and Bodies , trying to attach all the evidence you have of the scam, including conversations, images of the supposed payment, etc.
If you provided your bank details, contact your financial institution as soon as possible to inform them of what happened and that they may cancel any fraudulent charges.
