Police warn of scammers impersonating Carousell buyers, sending victims phishing links
There have been at least 69 victims since March, say the police.
Screenshot of a phishing website impersonating Carousell. (Image: Singapore Police Force)
SINGAPORE: The police on Friday (May 6) warned of a phishing variant where scammers would pose as buyers on Carousell and send out fake links for victims to complete the transaction.
There have been at least 69 victims since March, with losses amounting to at least S$47,000, said the police.
Scammers would typically approach victims on Carousell and express interest in buying the items they are selling.Â
The scammer would then request to make payment via CarouPay – an app payment feature - to the victim’s PayNow account.Â
“Thereafter, the victims would receive an email purportedly sent from Carousell, indicating that payment was made. They would be required to access their bank accounts via a phishing link or PayNow QR code provided within the email in order to receive the payment,” said the police.
After clicking on the links or scanning the QR codes, victims would be redirected to fraudulent sites impersonating bank websites, where victims would be tricked into providing their banking details and one-time passwords in order to receive payments.
Victims would only realise that they have been scammed when they discover unauthorised transactions made to their bank accounts.
CarouPay, now known as Carousell Protection, will never require users to confirm payment via email or require people to reveal any online banking login credentials through third party websites, said the police.
They also advised people to verify a buyer’s profile on online marketplaces by checking the account's verification status, creation date, reviews and ratings.
“Do not click on links provided in unsolicited emails and text messages,” the police added.
“If in doubt, always verify the authenticity of the information with the e-commerce platform or with the banks directly.”
