- Hans Weber
- October 4, 2022
Payment fraud on the web is on the rise
Fraudsters are trying all sorts of tricks to clean out people’s accounts. They usually take advantage of people’s gullibility, and they don’t even need a tricky computer virus. Attacks have increased rapidly over the past two years, and there is hardly a month when banks or the police do not warn of new scams.
For example, a forty-one-year-old woman from Stochov recently lost 10,000 crowns. She was selling a children’s bicycle through an online bazaar where she demanded CZK 1,700. On the very first day, a bidder contacted her.
The message still contained a link to the “Get 1700” box. The woman clicked it in good faith and was redirected to another page where she filled in her credit card information.
“She submitted these as requested. The sum of 1,700 was withdrawn from her bank account five times and 1,500 once, “the police spokesperson added.
According to Petr Barák, chairman of the Czech Banking Association’s (CBA) security committee, clients should not assume that someone is trying to get access details to their accounts and their internet banking from them as the alleged buyer of their goods is approaching them.
“They are interested in selling the goods, and in achieving this as soon as possible, they cooperate and fill in their card details and account accesses, thinking they are doing nothing wrong and feeling that they will get money. Unfortunately, the opposite is true, “Barák pointed out.
The number of so-called bazaar phishing scams increased tenfold year on year in March alone. Attackers mainly target sellers who choose the so-called secure payment method, i.e., sending money from card to card, for example, via the so-called wallet of the selected bazaar.
The Czech Banking Association (CBA) has warned that clients of the Vinted bazaar should be particularly attentive. Komerční banka has also explicitly warned against this bazaar in its online banking.
“They contact the advertisement saying they are interested in buying your goods. They will send you a fraudulent link to accept payment. It may look like a simple link to your bank’s payment gateway. When you click on it, a form pops up. They will ask you to fill in your login details and possibly your credit card number. You will then receive a request in KB Keys to confirm the incoming payment. However, you confirm to the attacker that you have logged into your banking account,” the bank warned.
CBA described the scam as the seller being contacted by a counterparty wanting to make payment for goods using a credit card. Usually, they will contact via a WhatsApp mobile message and send the seller a link to fill in the card details to receive the money. Sometimes he pretends that he wants the card details for the delivery service.
While this payment method is standard on e-shops, it is not between two portal customers. The customer can be virtually 100% sure that it is a scam in this case. Under no circumstances should people fill in any details in links that someone sends, even if the other party has a seemingly more plausible excuse.
Fake bank websites
Sometimes, scammers also send a link to a fake website of the seller’s bank to lure the seller’s login details and other confidential information. Therefore, clients should never access bank websites from links sent to them.
If they are sent such a link, they should not fill in any details but rather contact their bank immediately. Some bazaars themselves offer so-called secure payments, e.g., via their wallets. These are so-called card-to-card payments, where it is only necessary to fill in the recipient’s name, card number, and expiry date. No other details need to be filled in.
The seller should certainly not fill in, for example, the CVC code on the back of the card or the details for accessing online banking. If someone requires this as a condition for sending money, it is a clear sign that it is a scam.