Deception on Facebook’s social network impersonates the identity ofFree Market and Payment Marketto steal access credentials, credit card details and identity document. The advertisement on the social network is aimed at customersPlatinium of different credit cards and offers a supposed promotion to access an exclusive credit card from the well-known Mercado Pago payment platform.
That is, it is an official domain ofPayment Market.
In the case of using a computer, the user is directed to access through the application of their cell phone. But, when accessing it from the mobile device to the false site, the fraudulent campaign begins to collect data from the victims.First request to enter the email address or username and password to access the platform.
In order to find out what data the campaign requests, ESET filled in fictitious data throughout the test.
After entering the credentials, under the argument of validating the user’s identity,request to enter all the data of the current credit card.Then, request a photo of the front and back of the victim’s identity document.
Instead of collecting all this data from the victim, the system redirects to a pageFacebook in which the identity of Mercado Libre is supplanted.
“With the data obtained through the campaign, cybercriminals can not only carry out transactions with the credit card or commercialize this information, but they also have the necessary tools to carry out identity theft scams. They can even contract credit products in digital wallets or online banks, which can be activated online using the sending of the collected information as a form of validation; like the photo in the document. ”commented Luis Lubeck, Computer Security Specialist at ESET Latin America.
For its part, the companyESETalready alertedMercadoLibre about the existence of this campaign. In case you have been deceived, we recommend following the same steps as in cases of being the victim of a leak. In this sense, the company recommends monitoring the movements of the affected credit card, and also periodically checking that they have not requested products under their name.
“As we always say when faced with this type of deception, it is important that users keep in mind that when in the slightest doubt of the legitimacy of a promotion, they should not click on a link that appears in a suspicious context, especially if it is a message that arrives unexpectedly. In case of observing an announcement about a product or service that interests you, we recommend verifying its origin and accessing more information from the official site. On the other hand, if you were the victim of this deception and shared your personal information, we recommend modifying your access credentials and communicating with your financial institution. “Concluded Lubeck.
Did something similar happen to you?