Criminals like to go fishing for victims online. That was the experience of Markus, who wanted to sell his bicycle on an advertising platform and got caught in the net of a fake buyer’s ingenious phishing scam. How was that possible? And how can you as a seller protect yourself against data theft on the Internet?
Markus’s old bike had been standing around in the basement for a while, so he decided to sell it on a free advertising platform. Soon after posting the advert, a potential buyer responded via WhatsApp. Having asked a few harmless questions, the interested party then wrote to Markus saying that he wanted to buy the bike but lived too far away.
Tip: Conceal your phone number when advertising on online marketplaces such as Tutti, Anibis or Ricardo and communicate only on the provider’s portal.
The fake buyer asked Markus to ship the bike by post and assured him that he would pay for it in advance. Markus agreed and received a phishing link that led to a fake Swiss Post page. As the page design looked deceptively real and the information about the goods and the agreed price were correct, Markus didn’t become suspicious and clicked on the button as requested.
Note: If you are asked to click on a link, that should serve as a loud warning for you. If Markus had looked more closely at the phishing link, he would have noticed that the page was not from Swiss Post. That’s why you should always check the website address when going online.
Fraudsters disguise themselves as trustworthy companies or financial institutions to try get you to share personal information such as access data or passwords with them. They mainly use phishing e-mails to do so. But they also get hold of valuable confidential information via the Internet or messenger services such as WhatsApp or SMS (smishing). Here too, they get you to click on a phishing link and enter your personal details. If the fraudsters come into possession of your personal details such as national insurance number, bank account information or bank card details, they can steal your identity and withdraw money from your account, open new accounts or request a refund from the tax office – as well as many other fraudulent activities.
Clicking the button was the first step in the sophisticated data theft. The phishing link was hidden behind the button, so when Markus clicked on it, the phishing fraudster was able to bypass the two-factor authentication, which offers increased protection through additional proof of identity. The next step had fateful consequences, because by confirming the push message, Markus allowed the criminal to shop at his expense.
Important: Never confirm push messages from the banking app if you haven’t ordered a payment or initiated an action yourself beforehand.
If you have had your data stolen by phishing fraudsters, inform your financial institution immediately. With a bit of luck, the money transfer can still be stopped. You should also block your debit and/or credit card immediately and apply for a new one. If you have uncovered any fraudulent activities as a seller, report them to the relevant advertising platform. This will allow them to block the buyer. You should also contact the platform provider if you have shipped goods and the buyer hasn’t paid. If necessary, file a complaint with the police.
Nowadays, paying with a card on the Internet is a matter of course. However, this simple and convenient payment method also comes with risks such as fraud and identity theft. Recognize fraud schemes and test your knowledge at The link will open in a new window card-security.ch – the police website about using your cards securely. You can also find out more about other types of fraud in our blog article “Scammers’ tactics. What you need to know”.
