Danger! A new Facebook hoax seeks to steal credit card data

by


Deception on Facebook’s social network impersonates the identity ofFree Market and Payment Marketto steal access credentials, credit card details and identity document. The advertisement on the social network is aimed at customersPlatinium of different credit cards and offers a supposed promotion to access an exclusive credit card from the well-known Mercado Pago payment platform.

That is, it is an official domain ofPayment Market.

Screen accessed by the user from a computer after clicking on the ad.
Screen accessed by the user from a computer after clicking on the ad.

In the case of using a computer, the user is directed to access through the application of their cell phone. But, when accessing it from the mobile device to the false site, the fraudulent campaign begins to collect data from the victims.First request to enter the email address or username and password to access the platform.

When accessing from the cell phone, the deception seeks to steal the access credentials by requesting to enter a username and password.

In order to find out what data the campaign requests, ESET filled in fictitious data throughout the test.

After entering the access credentials, the deception seeks to collect the complete data of the victim's credit card, and requests the sending of a photo of the front and back of the identity document as part of the supposed process of validation of the user's data. .
After entering the access credentials, the deception seeks to collect the complete data of the victim’s credit card, and requests the sending of a photo of the front and back of the identity document as part of the supposed process of validation of the user’s data. .

After entering the credentials, under the argument of validating the user’s identity,request to enter all the data of the current credit card.Then, request a photo of the front and back of the victim’s identity document.

Instead of collecting all this data from the victim, the system redirects to a pageFacebook in which the identity of Mercado Libre is supplanted.

“With the data obtained through the campaign, cybercriminals can not only carry out transactions with the credit card or commercialize this information, but they also have the necessary tools to carry out identity theft scams. They can even contract credit products in digital wallets or online banks, which can be activated online using the sending of the collected information as a form of validation; like the photo in the document. ”commented Luis Lubeck, Computer Security Specialist at ESET Latin America.

For its part, the companyESETalready alertedMercadoLibre about the existence of this campaign. In case you have been deceived, we recommend following the same steps as in cases of being the victim of a leak. In this sense, the company recommends monitoring the movements of the affected credit card, and also periodically checking that they have not requested products under their name.

“As we always say when faced with this type of deception, it is important that users keep in mind that when in the slightest doubt of the legitimacy of a promotion, they should not click on a link that appears in a suspicious context, especially if it is a message that arrives unexpectedly. In case of observing an announcement about a product or service that interests you, we recommend verifying its origin and accessing more information from the official site. On the other hand, if you were the victim of this deception and shared your personal information, we recommend modifying your access credentials and communicating with your financial institution. “Concluded Lubeck.

Did something similar happen to you?

.

Source link

 

Search Millions Of Tech Jobs Now Free

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.