Silvana Saldisuri
07/15/2021 6:01 AM
Clarín.com
Services
Updated 07/15/2021 6:01 AM
It is increasingly common for sites that attract a large mass of users, such as Mercado Libre and
Mercado Pago
, to also become attractive for cybercriminals to carry out all kinds of scams on
unsuspecting victims
.
It is for this reason that both sellers and buyers should pay attention to any fraud attempt and be able to avoid it.
The
Mercado Libre
platform
has approximately
46 million buyers
and, according to published data,
13 purchases
are made
per second
.
In addition, the company has Mercado Pago, its payment and financial transaction service.
Sites that attract a large mass of users are attractive to cybercriminals for all kinds of scams.
Photo: Clarín Archive
“As is often the case with very popular platforms, games, apps and services, it is highly attractive to opportunists who use different strategies to
keep users' money
.
It is important to know them in order to take the necessary security measures and avoid being a victim of deception or scams ”, says
Martina López
, Researcher at the ESET Latin America Laboratory.
What are the most common scams suffered by sellers and buyers in Mercado Libre and Mercado Pago?
Phishing and fraudulent communications
Phishing is a type of attack that uses social engineering, a method by which the
victim is expected to conscientiously deliver what the cybercriminal is looking for
(personal information, money, etc.), without the need to spy on their device or steal files.
What usually happens is that the attacker
sends an email in which it makes the victim believe that it is an
official communication
in which the user is warned about some security problem or suspicious movement in the supposed account and that
their identity needs to be verified
to regain access or prevent them from the account is suspended.
Fraud and deception through false messages.
Photo / Courtesy Eset
Another recurring alternative that attackers choose instead of warning messages is to appeal to
great offers or gifts
.
The objective in these cases is the same;
make
the victim send their information
believing that it is a legitimate communication and the attacker keeps their access credentials and data, such as their card numbers.
In addition to the mail, nowadays the
campaigns that circulate through WhatsApp
are common
where different excuses are used to awaken the interest of potential victims.
One of the most common is the promise of gifts or raffles
using the company's anniversary celebration as a pretext
.
The deceptions that circulate through WhatsApp have in common that most of the time they ask the victim to forward the message to a number of contacts in order to receive the benefit.
Although this is false and there is no benefit, in this way the attackers ensure that the message continues to circulate and with great chances that a victim will fall for the trap when receiving it from a known contact.
Bogus gifts and free giveaways on behalf of a company.
Photo / Courtesy Eset
Shipping of the product by unofficial means
In these cases, the criminals try to collect through means that
are not associated with Mercado Libre
in order to deceive the victim and leave them without the support of the platform.
Here, the cybercriminal
pretends to be a seller
of a high-value product with high demand (next-generation consoles, cell phones, computers, among others), for attractively low prices and they claim to have wide availability.
The scammer clarifies that he has
special shipments
that he makes in a
particular
way
.
Thus, when a victim buys a product, they are asked to pay for an expensive shipment outside the platform.
To avoid the victim's suspicions,
the scammer requests this payment through Mercado Pago
(or another way), arguing that the processes are thus associated, which
is false
.
After the victim sends the money and makes the purchase in Mercado Libre, the seller ignores it or cancels it.
Although this generally means that the money is reimbursed to the buyer, in this case the system does not recognize the sending of the money as part of a purchase and therefore
there is no transaction to reverse
, since the shipment was made externally, and it is where the scam occurs.
The buyer
does not receive any products
and the scammer keeps the money sent
.
Unawareness of purchase
A form of deception
aimed at sellers
, both in Mercado Libre and Mercado Pago.
It is based on taking advantage of an oversight that the victim may have when selling a product through Mercado Libre or when charging it through Mercado Pago.
The scammer makes the purchase of an object of great value.
The means of payment used, which is key in the deception, is through a credit card
associated with a person other than the alleged buyer
, and therefore, a different ID.
If the seller who receives the payment money does not notice this difference in identity, it may be too late to claim the merchandise.
Many fake sellers try to make the payment through means that are not associated with Mercado Libre.
Photo Shutterstock
In the case of Mercado Pago, the platform gives the buyer the possibility of ignoring the purchase to recover the money.
This is how this person who paid remotely manages to undo the operation and, when the seller realizes the missing money, he cannot find the cybercriminal:
this ignorance of the purchase is made a few seconds after the transaction
.
In the case of Mercado Libre, the scammer withdraws the purchase in person, but declares on the platform that it was not the case, and
requests a refund of the money
.
This difference in the identity document between who paid for the purchase and who withdrew it harms the seller, who loses both the money and the product.
Sale of fake products and fake returns
This kind of deception
targets both buyers and sellers,
and it involves
high-value products
.
In the case of the buyer scam, the scammer poses as a seller, with little public information available and no reviews.
High-value products at an attractive price can be seen in their publications.
The publications are made from images downloaded from the Internet.
Once the purchase is made, the victim receives an object of similar size and weight, but
far from the paid product
.
On the contrary, if the scam is directed at the seller, the cybercriminal pretends to be a buyer.
Once the purchase is made and the product is received, the scammer declares it
defective
and requests a refund.
This mechanism involves sending the product by the buyer to the seller, and then undo the payment operation by the first.
It is there, then, when deception comes into play.
False online publication of product sales.
Photo / Courtesy Eset
From
Free Market
pointed to
Clarin
that "the security of purchases, sales, payments and collections are among its priorities and its experts are focused on continually optimize their systems to prevent and detect any fraudulent transaction."
Meanwhile, they highlighted that "they have advanced technology that analyzes more than 5,000 variables per second to validate each transaction and offer users a safe environment, backed by their protected purchase program.
However, they suggested following some
recommendations to protect data and money
when operating through the Internet.
If an irregularity is detected in the account, contact Mercado Libre through the app or the web to receive help or make a report.
Photo: Shutterstock
How to protect yourself to avoid scams in both Mercado Libre and Mercado Pago?
1. Make the purchase within Mercado Libre:
carry out all transactions through the platform and use the tools offered by the site, such as
Mercado Pago and Mercado Envíos
.
Contacting sellers outside via messaging services or social networks leaves them at the mercy of any fraud attempt.
2. Do not exchange personal data in the question / answer section.
When a product is bought or sold, you have access to a chat with the buyer or seller details to solve all doubts.
No one should request personal data, the ones that are needed are already registered on the site or platform.
3. Review the reputation of the sellers:
before buying, it is recommended to read the comments at the bottom of each publication to learn more about the quality and attention of the seller m (and the quality of the product), according to the experience of other buyers .
4. Do not share personal data by e-mail, telephone or text message:
personal information, such as credit card number, identification, security codes or tax identification number will never be requested by these means.
5.
Use Mercado Envíos whenever possible: it
is the best way to guarantee the delivery process, but, in case you coordinate directly with the seller, the ideal is to sign a delivery receipt.
If any irregularity is noticed, make the claim immediately on the Mercado Libre platform.
6.
Do not share information about the means of payment: remember that all payments on the Mercado Libre platform are made through Mercado Pago, so account data, credit or debit cards should never be shared by e-mail, WhatsApp, social networks or any other channel.
7.
Corroborate the authenticity of the emails received: check the domain (url) letter by letter, verifying that it is indeed that of the platform (www.mercadolibre.com).
Fraudulent sites usually have some very subtle letter or modification, which is not visible to the naked eye.
8.
Online payments:
check the url of the site when paying.
Check that the page where the data is entered has a padlock next to the web address or the term "Https".
9.
Remember that
it is never advisable to click on links or download files
, unless you have requested them or it is clear who is sending it and what it is about.
10.
If an
irregularity
is detected
in the account
, contact Mercado Libre through the app or the web to receive help or make a report.
Do not give out
personal information on the
other
s channels.
LN
Look also
The 10 least known rights of bank customers and how to defend them
How to use strong passwords and never forget them: 3 effective techniques