The police said on Dec 2 there has been an increase in the phishing scam variant where scammers would pose as buyers on Carousell and victims would be asked to key in their banking details on spoofed websites to facilitate payment or delivery. — Pay online photo created by jannoon028 - www.freepik.com
SINGAPORE: At least 352 victims have fallen prey to scams involving fake buyers on Carousell since November, with losses amounting to at least S$335,000 (RM1.08mil).
The police said on Dec 2 there has been an increase in the phishing scam variant where scammers would pose as buyers on Carousell and victims would be asked to key in their banking details on spoofed websites to facilitate payment or delivery.
“In this variant, scammers would approach victims on Carousell and express interest in items that the victims had listed on the platform,” said the police. “After agreeing to the sale of the items, the scammer would request for the victims’ contact details to receive a link to facilitate payment or delivery of the item.”
Victims would then receive an e-mail, SMS or WhatsApp message from the scammer with dubious URL links, like cutt.ly/31uXCDu or carousell.quick-funds.in/266780736, or QR codes.
Upon clicking on the links or scanning the QR codes, they would be redirected to a spoofed website to provide information like their Internet banking login credentials, bank card details or one-time passwords (OTP).
Victims would realise they had been scammed only when they find out unauthorised transactions had been made from their bank accounts or cards, said the police.
The police advised the public to always verify buyer’s profile on online marketplaces by checking the account’s verification status, creation date, reviews and ratings.
They also urged the public to verify URLs, noting that only domains that end with carousell.com or carousell.sg are Carousell domains while other links such as carousellpay.com, carousell.xxx.com, carousell-pay.com, carousell.pay-sg.com are not domains from the platform.
While Carousell sends OTPs via SMS, it does not send links that way, said the police.
“Carousell users are advised to be wary of buyers asking for an e-mail address or phone number on the pretext that these details are required for the buyer to make an order through Carousell Protection. Carousell does not ask for payment, order confirmation, or card details via external sites or email,” the police added.
For more information on differentiating genuine Carousell websites from phishing sites, spotting scam trends, or transacting safely on the platform, the police advised users to check with the platform’s help centre. – The Straits Times (Singapore)/Asia News Network
