The online consumer protection organisation Safeonweb has warned of the latest technique used by fraudsters to steal the data of unsuspecting users of second-hand sites like 2dehands.be.
The issue was highlighted by VRT presenter Sven Pichal on his Facebook page De Inspecteur. The technique goes as follows:
The target receives a message that will be familiar to anyone who has logged into an online account from an unfamiliar device, such as a new phone. A mail claiming to be from 2dehands.be informs you of the unusual log-in, and asks you to confirm it was indeed you. To do so, you have to click on what looks superficially like a genuine link to a 2dehands.be page.
But of course it is anything but. The link is a trap by which the scammers hope to gain access to your personal data, including your bank details.
“In the last few weeks there have indeed been several reports concerning 2dehands.be,” said Katrien Eggers of Safeonweb, an initiative of the Belgian Centre for Cyber-security. “If we were to search all incoming reports for keywords, the word ‘2dehands’ would show a spike.”
“Hackers always use variations of phishing emails. Some are better produced than they used to be, others are just as bad. But it’s true that they do seem very realistic, because the logo is right or the content of the mail seems at first sight correct. The mistakes are often in the little things, like spelling mistakes.”
But there are some dead giveaways.
“If there are links in an email message, instead of clicking on it, run your mouse over it, and then you will see the domain name – the part before the .be, .com etc – which shows the real name of the organisation. In a phishing mail, that will never be 2hands, but instead something like ‘update’ or ‘info’”.
Anyone who receives a suspect email or other message should refrain from investigating, and instead forward the message to firstname.lastname@example.org, and then delete it immediately.