CERT Orange Poland warns against suspiciously cheap items being offered on the Facebook Marketplace. The victim tempted by a “one in a lifetime special offer” arranges the payment details and delivery method through Facebook messenger.

Following this, criminal asks the victim to transfer PLN 40 (ca. 9 euro) as a payment for shipping. Due to the “fact” that there’s a “bank collector” watching his bank account criminal then asks the user to use PayU instead and provides the victim with a link to it.

According to CERT the provided link was an utter and complete failure of a scam attempt – “hxxps://payu.transakcja-029235464.pl/” but even with this the victim did not pay attention to it. Victim entered the login and password and confirmed the transfer with a code from the text message sent out by the bank. The very next day the victim tried to log into his bank account and could not do it, it appeared that he was locked out of it. After the bank unlocked the access it turned out that all of the funds from the account have already been transferred out.

The above case shows the exceptional carelessness of the victim, because just the provided payment link should trigger the red warning light. Long story short, be wary of “one in a lifetime” deals listed on social media, or any other channels.