The platform Free market has approximately of 46 million buyers and according to published data, 13 purchases per second. In addition, the company has Mercado Pago, its payment and financial transaction service.
“As is often the case with very popular platforms, games, apps and services, It is very attractive for opportunists who use different strategies to keep users’ money. It is important to know them in order to take the necessary security measures and avoid being a victim of deception or scams ”, he mentioned. Martina López, Researcher at the ESET Latin America Laboratory.
What are the most common scams in Mercado Libre and Mercado Pago:
- Phishing and fraudulent communications:
Phishing is a type of attack that uses engineering, a method by which It is intended that the victim conscientiously deliver what the cybercriminal is looking for (personal information, money, etc.), without the need to spy on the victim’s device or steal files.
What usually happens is that the attacker sends a email in which the victim is made to believe that it is an official communication in which the user is warned about a security problem or suspicious movement in the supposed account and that your identity needs to be verified to regain access or prevent the account from being suspended.
Another recurring alternative that attackers choose instead of warning messages is to appeal to great offers or gifts. The objective in these cases is the same. Have the victim submit their information believing that it is a legitimate communication and the attacker keeps his access credentials and data.
- Shipping of the product by unofficial means:
In these cases the criminals try make the payment through means that are not associated with Mercado Libre to be able to deceive the victim and leave her without the support of the platform. Here, the scammer poses as a seller of some high-value product and with high demand attractively low prices and they ensure they have wide availability.
The cybercriminal clarifies that he has special shipments that you make in a particular way. Thus, when a victim buys a product, they are asked to pay for an expensive shipment outside the platform.
To avoid suspicions of the victim, the scammer requests this payment through Mercado Pago (or another way), arguing that the processes are thus associated, which is false. After the victim sends the money and makes the purchase in Mercado Libre, the seller ignores it or cancels it.
In this case the system does not recognize sending the money as part of a purchase and therefore there is no transaction to reverse, since the shipment was made from outside, and that is where the scam occurs. The buyer does not receive any products and the scammer keeps the money sent.
- Unawareness of purchase:
This modality is based on taking advantage of an oversight that the victim may have when selling a product through Mercado Libre or when charging a product through Mercado Pago via a payment link.
The scammer makes the purchase of some object of great value. The means of payment used, which is key in the deception, is through a credit card associated with a person other than the alleged buyer. At the time of making the transaction, you pay remotely with a credit card associated with a person with an identity document other than the one provided by the scammer to the seller.
If the seller receiving the payment money does not notice this difference in identity, it may be too late to claim the merchandise.
Mercado Pago gives the user who buys the possibility of ignore the purchase to get the money back. This is how this person who paid remotely manages to undo the operation and, When the seller realizes the missing money, he cannot find the cybercriminal: this purchase ignorance is made a few seconds after the transaction.
In the case of Mercado Libre, the scammer withdraws the purchase in person, but he declares on the platform that it was not like that, and requests the refund of the money. This difference in the identity document between who paid for the purchase and who withdrew it gives rise to harm the seller, who loses both the money and the product.
- Sale of fake products and fake returns:
This kind of deception aims both buyers and sellers, and involves high-value products.
In the event of the scam targeting buyers, the scammer poses as a seller, with little public information available and no reviews. The publications are made from images downloaded from the Internet. Once the purchase is made, the victim receives an object of similar size and weight, but away from the fertilized product.
On the contrary, if the scam is directed to the seller, the cybercriminal poses as one more buyer of the hundreds that operate on this platform. Once the purchase is made and the product is received, the scammer declares it as defective and requests a refund of the money. This mechanism involves sending the product by the buyer to the seller, and then undo the payment operation by the first.
From ESET they share the following tips to avoid these scams
- If a communication is received, verify the actual sender and do not provide sensitive data that the company itself ensures that they will never request by mail or instant messaging.
- Enable two-step authentication and use a strong password, both in Mercado Libre and Mercado Pago, to protect both accounts.
- On the buyer’s side, it is important verify the identity of the seller and verify that before carrying out the transaction you have a solid reputation.
- To sell products, Verify that the identity of who makes the purchase and who pays it is the same. Make sure that the buyer has provided all the necessary information to make a possible claim.
- Do not carry out transactions outside of Mercado Libre, since the user is left without the support of the platform before any problem.
- Review the products that are received or shipped at the moment to make any necessary claims.