SINGAPORE — The police on Friday (Dec 2) warned that they have seen an increase in a type of phishing scam involving fake buyers on Carousell, with reported losses from purported victims amounting to at least S$335,000.
Posing as interested buyers on the e-commerce platform, these scammers would reach out to sellers and ask them to key in their banking details on spoofed websites to facilitate the payment of the product or for delivery charges.
These victims would only realise they have been scammed once they discover that unauthorised transactions have been made from their bank accounts.
Since November this year, at least 352 victims have fallen prey to such scams.
In this scam variant, the police warned that the scammers would reach out to the victims on Carousell and express interest in the items which they had listed on the platform.
After agreeing to the sale of the items, the scammers would then request for the victims’ contact details to receive a link to facilitate payment or delivery of the item.
Depending on the contact details shared with the scammers, the victims would then receive an email, SMS or WhatsApp message from the scammer with dubious URL links or QR codes.
Upon clicking on the links or scanning the QR codes, the victims would be redirected to a spoofed website to enter their internet banking login credentials, bank card details or their one-time password (OTP).
The police said that the victims would only realise they have been scammed once they discover that unauthorised transactions were made from their bank account or cards.
In a reminder, the police said that members of the public should always verify the buyer’s profile on online marketplace when making transactions.
They should also verify any URL links and not click on those that are dubious.
“Only domains that end with carousell.com or carousell.sg are Carousell domains. URLs such as carousellpay.com, carousell.xxx.com, carousell-pay.com, carousell.pay-sg.com are not Carousell domains.
“Carousell does not send links via SMS, and would only send OTPs via SMS. This OTP should only be keyed into the Carousell application or webpage,” said the police.
Members of the public are also advised to verify the authenticity of any information with the e-commerce platform directly and to never disclose their personal or internet banking details and OTP with anyone.
Lastly, they should report any fraudulent transfers to the bank immediately and report any suspicious user on the online marketplace to the e-commerce platform.
The police also warned that Carousell users are to be wary of buyers who asked for their email address or phone number “on the pretext that the details are required for the buyer to make an order through Carousell Protection”.
“Carousell does not ask for payment, order confirmation, or card details via external sites or email,” said the police.
Those with information relating to such crimes can call the police hotline at 1800-255-0000 or submit it online.