There has been an increase in phishing scams with cyber criminals disguising themselves as agents from popular e-commerce platform, Lazada. The cyber criminals would pose as part-time work agents for Lazada, convincing victims of an easy means of earning cash.
Victims would be asked to perform simple online tasks, one of which includes making payment directly to the syndicate’s bank account rather than the e-commerce platform.
Using WhatsApp as their main source of communication, the scammers convinced victims by giving them commissions for the first two tasks. However, from the third task onwards, they will make excuses to delay payments, and subsequently becoming unreachable – taking with them the money from the scammed victims.
In Malaysia, the fraud syndicate posing as agents looking for part-time workers for e-commerce platform, Lazada, has been apprehended by the Selangor police. The syndicate is believed to have caused a total of RM 200,00 (US$ 48,450) in financial losses for its victims.
“Since Feb 6 until today, 23 investigation papers have been opened regarding the syndicate, involving a total loss of RM219,271 (US$ 53,300).
“The syndicate will usually return the cost paid by the victims, together with the commission as promised, after they finished their first and second tasks, but for the next tasks, the syndicate will start giving excuses before being unable to be contacted,” said Yazid in a statement.
Sharing his thoughts on this situation, Sharat Sinha, Vice President & Head of Asia-Pacific & Japan at Check Point said, “This is a case of SMS phishing carried out by cybercriminals who are leveraging people’s interest in work from home opportunities during the pandemic. SMS phishing generally involves a text message with a single link to a fake account login page.”
“In addition, new SMS phishing tactics use a text message with a link that when accessed downloads zero-day malware. SMS phishing targets consumers and enterprises alike and actors are introducing new techniques to increase its effectiveness. These attacks are used to steal users’ credentials and data to access corporate networks and applications.”