Home News A new type of scam on Facebook offers fake gift cards

A new type of scam on Facebook offers fake gift cards

Scam

A new type of scam has emerged targeting Facebook and Messenger users in the Czech Republic and other countries, with the aim of stealing personal data or money. Posing as a known contact, the scam offers fake gift cards for stores such as Lidl or Allegro. Security firm Gen reported this in a press release today.

You might like: Trading vs. Investing

Ghostpairing returns

According to Gen’s researchers, this is a variation of so-called “ghostpairing,” a scam originally discovered in the Czech Republic, in which attackers are able to gain full access to the victim’s WhatsApp account.

The new scam focuses on Facebook and Messenger, where the attacker sends the victim a message on behalf of a person the victim has in their contacts. The attacker has already stolen that person’s Facebook account. In the message, the attacker asks for a phone number and then offers the victim a gift voucher or card. Typically for Lidl or Allegro, though other variants may exist. To redeem it, the victim must send the attacker the codes that are sent to their phone.

In reality, however, these are security codes for various services, such as Facebook, WhatsApp, and others. If the victim forwards them, the attacker can use them to reset passwords for their accounts and secretly pair another computer or phone.

Read more: eToro – Review

Scam escalates fast

“This scam is particularly dangerous because the message comes from someone the victim knows and has saved in their contacts—a friend or family member—and therefore lets their guard down. All it takes is a brief conversation, a request for a phone number, and an enticing voucher offer; by forwarding the verification codes, the attacker immediately takes control of the victim’s accounts,” said Martin Chlumecký, a malware researcher at Genu.

The attacker may also request basic information about the victim, such as the phone number mentioned above, an email address, and the name of the bank they use. They then attempt to reset the password for her bank account. After which the victim receives an email notification about an attempt to change her login credentials. Shortly thereafter, the victim is contacted by a fake bank representative or a fake police officer claiming that their account has been compromised and immediate action is required. These scenarios are often designed to extort money, while the attacker may also sell the obtained personal data on the dark web or use it for other forms of extortion and manipulation.

Source: Reuters

Don’t miss out on: Wonderinterest Broker Review

LEAVE A REPLY

Please enter your comment!
Please enter your name here