Sunday 18 March 2018, Poradnik bezpieczeństwa

New fraud discovered on OLX – impersonating Przelewy24 payment platform

Lost24

The unknown group of cyber criminals, impersonating the Przelewy24 payment platform, have flooded the OLX portal with tempting offers.

The scheme is simple, the fraudsters are looking for so-called bargain hunters, offering equipment up to 80% cheaper than market prices. If the transaction takes place, the buyer/victim is asked to cover the shipping costs via the InPost company. For this purpose, the victim receives a link to the fake Przelewy24 payment panel, which is confusingly similar to the original. However, the choice of payment methods is much smaller than in the original one. The buyer can choose only from several banking login panels belonging to mBank, PKO BP, BZ WBK, Millenium and Alior Bank.

The vigilance of the victim is dormant, because when logging in to the banking system, the site is equipped with the green padlock icon, thanks to the use of SSL certificates from Let's Encrypt.

According to the Zaufana Trzecia Strona portal, the fraudsters can monitor the victim's logging into the bank's panel, thanks to which they obtain the necessary data to define a trusted transfer. In the next step, the victim will be presented with a fake massage designed to extort the authentication code from the SMS message.

The portal informs that the number of the unaware victims is increasing rapidly. Therefore, we encourage you to share this information with other people.