Once Upon a Time on the Internet
Muscovite Oleg at the end of March [имя изменено] I saw a new PlayStation VR2 (PS VR2) virtual reality headset for sale on Ozone at an attractive price. The novelty of the seller costs 37 thousand rubles, others – 50-60 thousand rubles.
After payment, the marketplace allocated the purchase amount to Oleg’s Ozone card (virtual debit card from the marketplace – ed.). Money would be automatically transferred to the seller after Oleg confirmed receipt of the goods, but this never happened.
About an hour later Oleg got a call. The person on the other end of the line introduced himself as an employee of the store where he bought the PS VR2. He said that you need to confirm the data for delivery – the usual procedure.
“Strange things started to happen. The seller said he had entered my phone number for the courier and now needs to be confirmed. To do this, I had to say it again and then immediately say the numbers from the SMS or notification that came to the phone. A few times I said I didn’t get any messages, then the seller hung up.” said Oleg socialbites.ca.
Obviously, a scammer contacted Oleg. The numbers he requested were necessary to reset the password for Oleg’s Ozone account. By achieving this goal, the attacker will have gained access to the victim’s personal account in the marketplace.
Oleg complained the seller to Ozone support. After a few hours, the scammer was blocked on the platform and the purchase money was returned to the user.
will of luck
Alexander Vurasko, specialist of the RTK-Solar External Digital Risk Analytics Center, believes that Oleg’s intuition was lucky, because if he had received the code via SMS, he would certainly have lost the 37 thousand rubles he paid for the PlayStation VR2. .
“In this case, the monetization scheme is extremely simple. When the attackers access the account, they bind the debit card to the account and cancel the order, and then the money for the goods is returned to the fraudster’s account, not the victim’s account,” he said.
According to Vourasko, this scheme applies not only to Ozone, but also to other marketplaces where the so-called guarantor of the transaction has a buffer account where the buyer’s money is stored until the transaction is completed.
Nikita Leokumovich, head of the response and digital forensics department at Angara Security, noted that fraud on the trading floors is an old phenomenon, but attackers often develop new schemes whose purpose is to steal money.
“Such schemes are not new, they appeared two or three years ago.
Scammers buy ads on social networks and in the Telegram messenger, which say that many popular products are sold for half the price, or even for a “ruble”.
Ad text includes a link to the market. The user follows the link, then buys the product at a substantially low cost, and then the scammers contact him, ”explained Leokumovich.
Other scenarios may be very different.
“For example, the victim is told that the purchased product is over, they return the money and offer to go to WhatsApp to send it “from another warehouse”. Because the presence of a store seller in the marketplace is reassuring, the person acknowledges that they transferred the money to another account and then the seller “disappeared.”
When someone else’s account is stolen, scammers can order, buy, and then resell expensive goods to a confidential address at the expense of the victim.
The plans listed according to Leokumovich are valid for all market places popular with Russians.
“Scam sellers register on the market just like regular sellers. But then they begin to spin a specific plan, ”added Ksenia Rysaeva, head of the analyst group at the Innostage CyberART Center for Combating Cyber Threats.
According to him, account hacking has become more frequent in Ozone after the release of the Ozone card. Stolen accounts and data from them are used in various financial scams, including loans made on behalf of victims.
who is right who is wrong
According to Vourasko, such scammers are actively detected by online platform administrators and are often blocked before committing atrocities. Scammers understand this and try to act quickly.
“They are trying to deceive as many victims as possible in a short amount of time. “Given the fact that even 50% of the cost of PlayStation VR2 is a substantial sum, it quickly becomes possible to “earn” several hundred thousand rubles,” he said.
The expert stated that transferring access to the account to third parties is a direct violation of the Ozon ID terms of use, therefore, in such cases, only the victim himself is to blame.
Ozon’s press service told socialbites.ca that buyers do not transfer their personal data to sellers. Specifically, sellers only see fake phone numbers.
“You don’t need to make additional calls and provide any contact information to confirm the order,” the company warned.
However, as Oleg’s experience shows, the spoofing mechanism is easily bypassed with the help of social engineering – during the call, the victim is asked to give the phone number assigned to the account, supposedly to confirm the delivery.
“We always ask our customers to contact the seller and pay only from within our site. Even if you are offered to transfer data from your account, pay for the order using an external link, the interface of which is similar to well-known platforms, do not do this, ”warned Ozon.
Oleg Pavlov, head of the Public Consumer Initiative and candidate of legal sciences, told socialbites.ca that if authorization data is voluntarily transferred to a third party, the market is not responsible for the consequences.
“At the same time, it should not be forgotten that the aggregator is obliged to provide consumers with comprehensive and reliable information about sellers. Accordingly, if negotiations with law enforcement authorities reveal that an entity that does not exist or is operating on the trading platform is operating, the buyer’s loss may be compensated from the marketplace by a claim or court order.” aforementioned.
This means that if during the investigation it turns out that the scammer on the online platform is not registered as a legal entity or individual entrepreneur, the marketplace can still be held responsible for their actions.