
Fraud in online marketplaces
In online marketplaces, fraud is very common. Read about the scams that are prevalent in online marketplaces to be able to spot the warning signs.
Fraud in online marketplaces (Facebook Marketplace scams)
With the rise of sustainable thinking, recycling has become increasingly popular and many online platforms (such as Facebook Marketplace, Yaga, eBay, etc.) offer a convenient way to resell items.
Online marketplaces are used for agreeing on payments, sending parcels, and paying for goods, which is why they attract fraudsters. These platforms are used by individual fraudsters as well as organised and automated groups.
For example, individual scammers offer items that they have no intention of delivering (or send the buyer some arbitrary worthless item). In another common scheme, fraudsters express a wish to buy an item but never pay for it: they send the seller an image of a fake payment order and ask them to post the item quickly. Often, these people operate systematically for a long time, so others post warnings about them in social media groups, or a court might even have passed a judgment regarding them.
Organised criminals generally attack in an automated way, using new (or hijacked) accounts and responding automatically to new sales ads. They direct the user to click on a phishing link and enter their bank card details or log into a fake online bank.
Phishing scams in online marketplaces
Phishing scams, such as those in Facebook Marketplace, are usually automated and designed to obtain the credit card details or bank account login credentials of a user. In terms of content, Facebook Marketplace scams are a more devious and time-consuming version of the phishing scams in which fraudsters pose as courier companies.
Most phishing messages are sent randomly. In Estonia, for example, scammers send out mass phishing emails or text messages, impersonating Estonian banks or courier services. The fraudsters have various databases containing thousands of email addresses and phone numbers belonging to Estonian residents. The success of this strategy depends on chance – if a fraudster sends an email or a text message posing as a representative of a random organisation, but the recipient has no connection to the company, the message is more likely to be ignored and the phishing link remains untouched.
Criminals are inventing new ways to increase the likelihood that a victim clicks on a phishing link; for example, they use various online marketplaces (primarily Facebook Marketplace, but also other platforms used in Estonia) where the person who posted the ad is waiting for a message from a potential buyer. Instead of sending out random phishing messages, scammers look for advertisements and contact the seller of the item, claiming they want to buy it. Then, they come up with various excuses as to why the seller has to pay first (e.g. for delivery or insurance), or the scammers offer to pay for everything themselves, but the victim has to register the order using a link they are sent. The aim of these activities is the same – to lure the user into clicking on a phishing link and to obtain their credit card details or the credentials for logging into their bank account (PIN1 and PIN2 of their Mobile-ID or Smart-ID).
Such scams generally work as follows:
1. The scammer contacts a person selling an item on Facebook and claims to be interested in buying it. This is the kind of message the seller has been waiting for, so they would like to complete the transaction quickly.
2. The buyer then informs the seller that they cannot collect the item themselves and offers to use a courier service as a solution; the buyer asks for many details to ‘register the parcel’ or uses some other excuse and sends a phishing link (usually, through the communication app of the online marketplace, but also by email). The purpose is to prepare the victim for receiving a phishing link to increase the likelihood of clicking and entering the details.
3. The ‘buyer’ then sends a phishing link that leads to a phishing site. Please note! Look at the phishing link in the message in the example! The reasoning of the buyer may vary:
   - the buyer has already paid for the item and to the courier for the delivery and the seller only needs to confirm everything through the link provided by the buyer;
   - the buyer claims that the seller needs to insure the package or pay the delivery fee and the link takes the latter to a phishing site to enter their bank card details or make a payment in the environment referred to in the link;
   - … or any other reasoning that asks to confirm something or enter details.

   It is important to ignore such messages and not click on the links!
4. Once the seller has clicked on the phishing link, a phishing page is displayed (Note! Check the URL of the page!) that is designed to mimic a courier service provider (e.g. Omniva or DPD or similar). As the layout of the page is familiar and identical to that of the real service provider and the amounts displayed match the information in the sales ad, the seller decides to complete the ‘transaction’. The seller fills in all the necessary fields on the page. The seller can choose to confirm the ‘transaction’ using Smart-ID or Mobile-ID. Once the seller enters their details into the phishing site, the scammers use the information to gain access to the bank account of the victim and siphon out as much money as possible.
5. The victim logs into their internet bank and discovers that the amount of money promised has not been credited to their account, and instead, a large amount of money is missing from their account. Such scams can lead to losses running into thousands of euros.
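The URL check that the steps above ask for can be automated. The following is an added example, not part of the original page: it flags a link that names a courier brand but is served from a host outside an allow-list. The allow-list entries (`omniva.ee`, `dpd.com`), the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: brand keyword -> hostnames the reader has
# verified as that courier's official sites. Maintain this list yourself.
OFFICIAL_HOSTS = {
    "omniva": {"omniva.ee"},
    "dpd": {"dpd.com"},
}


def host_of(url):
    """Return the hostname the browser would actually connect to, or None."""
    try:
        # Links pasted into chats often lack a scheme; add one so parsing works.
        parts = urlsplit(url if "://" in url else "https://" + url)
    except ValueError:
        return None
    return parts.hostname.lower().rstrip(".") if parts.hostname else None


def is_official(host, brand):
    """True if host is an official host for brand or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS[brand])


def assess_link(url):
    """Classify a link received in a marketplace chat as (verdict, reason)."""
    host = host_of(url)
    if host is None:
        return ("suspicious", "no parsable hostname")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "punycode hostname " + host)
    # A brand name anywhere in the link (subdomain, path, userinfo) is a claim
    # to be that courier; the claim holds only if the real host is official.
    claimed = [b for b in OFFICIAL_HOSTS if b in url.lower()]
    for brand in claimed:
        if not is_official(host, brand):
            return ("phishing-likely", f"names {brand} but is served from {host}")
    if claimed:
        return ("official", host)
    return ("unknown", host)


# Constructed sample links (reserved .example domains), not taken from the page.
SAMPLES = [
    "https://www.omniva.ee/track",
    "https://omniva.ee.parcel-confirm.example/pay?id=123",
    "https://omniva.ee@delivery-pay.example/",
    "dpd-delivery.example/ee/order",
    "https://shop.example/item/1",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_link(link))
```

The second and third samples show why the whole hostname must be read: the official domain appears at the start of the link, yet the browser connects to the `.example` host at the end.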
Warning signs to monitor to reduce the likelihood of becoming a victim of fraud
While it is not possible to completely avoid becoming a victim of a scam when using online shopping environments, as scams are constantly evolving, the risk can be significantly reduced by remaining aware and vigilant. To avoid becoming a victim of a scam, do the following:
Warning signs | Explanation |
---|---|
The time when the buyer/seller created their account | A very recent account may be set up specifically for scams. |
Account content of the buyer/seller | If the account has been around for a long time and there is activity on it, it is more likely to be an account belonging to a real person. Please note! Nowadays, many people restrict access to their accounts, so lack of information does not always mean that the account has been set up for scams. |
Payment methods | Settle directly with the buyer/seller – by bank transfer, cash, or by using the deposit option in the online marketplace. If a buyer sends you a (courier) link or asks you to enter some information, then you are dealing with a phishing attempt and you stand to lose considerably more than the price of the item you are selling. |
Bank account to which payment is requested | If you are transferring the payment to a bank account, you should use an Estonian bank account and the name of the account holder should be the same as the name of the seller. If the payment is requested to someone else’s account or to a foreign bank account (the account number does not start with ‘EE’), you could be dealing with a scam and should ask the seller for further clarification or abandon the transaction. In reality, there may be occasions when a seller uses a foreign bank account for perfectly valid reasons, but these cases are rare. Please note that, for interbank payments within Estonia, banks may not always check whether the account user’s name and the account number match. |
Check the background of the seller online before making a transfer | If a search for a seller by name (in a search engine and on social media, for example) reveals that they are involved in fraud or other suspicious behaviour, there is a high chance of being scammed. |
When selling, always check that the payment has been received before dispatching the goods | Always make sure that money has reached your bank account before you hand over or send the goods. Scammers often send a copy of a payment order that has been forged. |
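The bank-account row of the table can be turned into a check to run before making a transfer. The following is an added example, not part of the original page: it tests the ‘EE’ prefix and the account holder's name as the table describes and, going beyond the page, also verifies the standard IBAN mod-97 checksum to catch mistyped or made-up numbers. Function names are hypothetical; the names and account numbers used in testing are constructed or standard documentation samples.

```python
import re

EE_IBAN_LENGTH = 20  # Estonian IBANs are 20 characters long


def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to numbers (A=10 ... Z=35) and test that remainder == 1."""
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def payee_warnings(iban, account_holder, seller_name):
    """Return the warning signs raised by one payment request (empty = none)."""
    warnings = []
    iban = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", iban):
        return ["not a well-formed IBAN"]
    if not iban.startswith("EE"):
        warnings.append("foreign account (" + iban[:2] + ")")
    elif len(iban) != EE_IBAN_LENGTH:
        warnings.append("wrong length for an Estonian IBAN")
    if not iban_checksum_ok(iban):
        warnings.append("checksum fails: mistyped or made-up number")
    # Compare names case-insensitively, ignoring extra whitespace.
    norm = lambda s: " ".join(s.casefold().split())
    if norm(account_holder) != norm(seller_name):
        warnings.append("account holder differs from seller")
    return warnings
```

A passing checksum only shows that the number is well-formed; it says nothing about who controls the account, so the name comparison and the background check on the seller still apply.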
What should you do if you have fallen victim to fraud in a shopping environment?
- If you realise that you have fallen victim to a phishing scam and have given a fraudster access to your account, do not enter any more PINs of your Mobile-ID or Smart-ID and contact your bank immediately via the customer support number on their official website (use the search engine!);
- if you spot suspicious transactions on your bank account or think your card details may have been leaked, contact your bank immediately to close your card: you may get your money back or at least avoid further theft;
- submit a report (in the case of a smaller loss as well) to the Cybercrime Department of the Police and Border Guard Board: https://cyber.politsei.ee/;
- if necessary, contact cert@cert.ee and the experts of the Information System Authority will advise you on further action. The information you provide can also help to catch criminals and prevent future incidents;
- keep all evidence of the theft, such as screenshots, emails, etc.;
- tell your family and friends about what happened – this will raise their awareness and help to prevent similar situations.