The Facebook marketplace is a corner within the social platform where you can buy and sell all kinds of products. It arrived in Spain in 2017 a year after its official launch in the United States. Wallapop, another sales platform, often exhibits similar practices.
This weekend we learned the story of an alleged scam that starts with the announcement of a machine and in the following lines We are going to give you some guidelines that will make you understand why the specific email that the potential buyer has received it has all the earmarks of being a phishing attack.
Ransomware: what it is, how it infects and how to protect yourself
First contact
Jesus was looking for construction machinery and in the Facebook marketplace he found a machine with the characteristics of the product that he needs to buy. And at a much lower price than normal. The profile that published it It is from a person who seems normal and innocent and even has photos with family both now and in the past. There is nothing suspicious there. When contacting them to ask for references about the sale, this person tells Jesús that the machine belongs to his aunt and that what he has to do is send an email to the email address.
There is an indication to be suspicious: having a communication channel open, such as Facebook Messenger, being asked to open this new channel is strange. It may be to steal your email and thus get more information from you for future scams. In addition, the price of the product is much lower than what you normally find on the market. And that can also be an indication that the end goal is not the sale, but to get your data.
Reply mail
Jesus decided to send an email. And the response of that person who supposedly has the machine for sale returns to show other aspects that may make us suspect the veracity of this sale. First, it gives a lot of information about your private life. Explain what her profession is, the reason why she lives in that city and why she will not be able to make the sale directly, but it will be done through a shipping company.
She says that the machine belongs to her ex-husband and that is the reason for the low price. And that she is in Tenerife working as a hostess but that the shipment will be done by a company to which the potential buyer has to give various information. The mail says:
If you are interested in the mini excavator, I will wait for your Full Name, ID and Full Address (city, street, number, postal code and telephone number) then the shipping company (Transportes Tenerife Express SA) will contact you for details of the checkout.
The objective at the moment is not to cheat money, but it does get a lot of personal data from interested people. With this data, attackers will be able to prepare future emails much more prepared to get the victim to fall into a trap in the future.
In addition, you can take a walk through the marketplace again and see that there are no more profiles advertising the same product as a decoy. In this case, after a short look at Facebook’s purchase and sale protocol you can find someone else who posted the same ad. Either that woman who wants to sell the machinery has many nephews who help her, or clearly, something suspicious is behind it.
What to do if you have fallen into the trap
Whatever happens, in such a case, do not make the payment. What’s more, if you have already given your personal data, you will have to be very careful in the future with the emails you receive. Although the email that reaches you knows your information and sends you a totally personalized email, do not trust if you are not clear that you know the sender and that that person is the one who has written to you.
In addition, you can always report this fact to the Civil Guard or the National Police or INCIBE, among others, so that can alert on their social networks about these alleged scams to prevent other people from falling into the same trap.
In case you have made a payment, call your bank as soon as possible to block possible transactions.