More than S$830,000 lost to Carousell phishing scams in December as police warn of sharp rise in cases
At least 877 victims had fallen prey since the start of December, compared to at least 975 victims from January to November.
Examples of conversations between the scammers and victims on Carousell or WhatsApp. (Images: SPF)
SINGAPORE: More than S$830,000 were lost to phishing scams involving fake buyers on e-commerce platform Carousell since the start of December, the police said on Wednesday (Dec 28).
In an advisory, the police said that scammers would pose as buyers on Carousell and victims would be asked to key in their banking details on spoofed websites to facilitate payment or delivery.
The police noted a "sharp increase" in the number of a phishing scam variant involving fake buyers on Carousell in December alone.
At least 877 victims had fallen prey since the beginning of December, with losses amounting to at least S$836,000, the police said.
From January to November, there were at least 975 victims of such scams, with losses amounting to at least S$938,000.
HOW THE PHISHING SCAMS WORK
According to the advisory, scammers would approach victims on Carousell and express interest in items that the victims had listed on the platform.
After agreeing to the sale of the items, the scammer would request for the victims’ contact details to send a link to facilitate payment or delivery of the item.
Depending on the contact details provided, the victims would then receive an email, SMS or WhatsApp message from the scammer with dubious URL links or QR codes. Upon clicking on the links or scanning the QR codes, the victims would be redirected to a spoofed website to provide their internet banking login credentials, bank card details or One-Time Password (OTP).
Unauthorised transactions would be made from their bank accounts or cards.
Carousell users are advised to be wary of buyers asking for an email address or phone number on the pretext that these details are required for the buyer to make an order through Carousell Protection, said the police.
“Carousell does not ask for payment, order confirmation, or card details via external sites or email.”
For more information on differentiating real Carousell websites from phishing sites, spotting scam trends, or transacting safely on Carousell, users may wish to check out Carousell’s Help Centre, added the police.
Advisory on Carousell phishing scams
- Always verify the buyer’s profile on online marketplaces by checking the account's verification status, creation date, reviews, and ratings.
- Do not click on dubious URL links and always verify the URL links. Only domains that end with carousell.com or carousell.sg are Carousell domains.Â
- If in doubt, always verify the authenticity of the information with Carousell directly.
- Never disclose your personal or internet banking details and OTP to anyone.
- Report any fraudulent transactions to your bank immediately.
- Report any suspicious user and fraudulent transaction from the online marketplace to Carousell.
