Toro-Blog-listing

Facebook Marketplace – The latest frontier for cyber criminals

Written by Connor Conlan-Coke - Cyber Security Consultant | Feb 6, 2024 4:00:00 AM

Facebook marketplace was introduced back in October 2016, and it changed the landscape on purchasing not only second-hand products but also new products. The concept was quite brilliant. Bringing together communities up and down the country allowing people to sell quite literally anything and all that is required is a Facebook account. Great idea, what could go wrong?

Quoting the great Isaac Newton - for every action there is an equal and opposite reaction. As the marketplace gained traction and noticeability across the globe with positive reviews this provided an opportunity for cyber criminals to ambush and target unsuspecting victims.

The opposite negative force has now arrived…

But this is Facebook? The social media platform we all love and use. A multi-billion-pound organisation. Cyber criminals have no chance against this Goliath. Wrong. Since sprawling across every corner of globe and now operating in 222 countries Facebook marketplace has now become one of the latest frontiers where cyber criminals operate, and they’re flourishing. At this point you must be thinking. Well how much have they stolen? According to a study conducted by TSB retail banking chain more than a third of listings were fraudulent with UK customers losing a staggering sum of money close to the £60 million  mark on the platform in 2023. To put that into context that’s roughly 214,000 average British citizens who lost their entire years wage. 

But how is it possible? We now live in a totally different age to what the previous generation did. Cyber warfare and criminality are relatively new in the grand scheme of things and a large proportion of the public are unaware of the dangers that lurk within this space. The digital landscape is ever evolving. Just like our cars, our habits, even our belief’s. As this landscape moves it provides gaps and opportunities which cyber criminals see as vulnerabilities and look to exploit. 

The Scam – That sofa you just seen on marketplace. It’s the perfect fit for your living space. Even better it’s in great condition and a fraction of the price compared to when it was brand new. However, there is an issue. You are not the only one interested. If you want it, you have got to act quick. We’ve all heard the term “You snooze you lose” Well not today, I’m in there quick and first. To top it off the seller has kindly agreed that they will hold it for me. All they want is a £50.00 deposit. I’ll transfer that over and collect it on the weekend. However, the weekend arrives, and the contact has now blocked me. Odd? We had a deal…

Unfortunately, the likelihood is that many others also had a deal. But they’re also on the blocked list. The seller? The person that didn’t even have a sofa in the first place… They’ve just topped up their bank balance and are treating themselves to a nice getaway. 

Now some of you reading this may feel that you’re not going to fall that. Not today. You’ve got to think outside the box to catch me out. Well attackers on the web know this. The ever-evolving cat and mouse game means they must introduce new and innovative ideas as people’s awareness increases. Introducing Facebook marketplace phishing scams. You know that sofa we were discussing. Well the seller is moving out. Instead of contacting the council to dispose of the sofa they’re just giving it away. Good idea, right? And many people do this ethically. However, be aware. Sometimes a wolf lurks within the sheep. But who’s to say this wolf is after money?  Information is on the menu today. The sofa is free remember and you want it before anyone else. Similar to the deposit scam.  The seller seems genuine and polite and asks that you fill in some contact details such as your address and mobile. After all they need to deliver it right?  Just click the link and fill your details in. Often these links contain malware which will infect your computer and could provide the attacker with an abundance of personal information. Oh, and the mobile phone number you also provided and the address to deliver the sofa. A quick call to your mobile phone provider and a sob story with the baby crying in the background and a brand-new sim card registered in your name could be on its way to the attacker. Once they have that they will have access to your MFA codes and you’re in a world of pain. Email accounts, Online accounts, all for grabs. Don’t believe me? Have a look for yourself on YouTube and people conducting ethical tests on unsuspecting victims. 

Now I could delve deeper. Scammers aren’t solely concentrated in the seller’s space. There is an equal amount of scams conducted in the buyers realm too which I’ll discuss at a later date. However, this blog wouldn’t be constructive without information to help you avoid these scams.

So, firstly. Never provide any personal information. The messenger within marketplace is more than adequate to maintain communication. Secondly, always try to meet the seller in a public space and ensure the item you’re buying is as described. Last but not least which ties in nicely with point number 2. Deal with cash where possible. Combine these 3 controls and you’ll avoid being on the wolfs menu. Stay safe.