877 people duped by fake buyers on Carousell since December, Latest Singapore News - The New Paper

877 people duped by fake buyers on Carousell since December

This article is more than 12 months old

At least 877 victims have fallen prey to scams involving fake buyers on online marketplace Carousell since the start of December, with losses totalling at least $836,000.

This is a sharp increase from the previous month, when there were at least 352 such victims, the police said.

At least 975 victims have been duped by this phishing scam variant between January and November, with at least $938,000 lost.

The police said on Wednesday that they observed an uptick in activity involving the scam in December.

Scammers posing as buyers would ask sellers for contact details so that they can send a link to a website to facilitate payment for or delivery of the items on sale.

The scammers would then send the victims either an e-mail, SMS or WhatsApp message with dubious URL links, such as cutt.ly/31uXCDu or carousell.quick-funds.in/266780736.

Alternatively, the scammer would send a QR code for victims to scan.

After doing so, victims would be redirected to a spoofed website to provide information such as their Internet banking login credentials, bank card details or one-time password (OTP).

They would only realise they have been scammed when they notice unauthorised transactions made from their bank accounts or cards, said the police.

The police advise sellers to verify a buyer’s identity by checking his Carousell account’s verification status, creation date, reviews and ratings.

The police said they observed an uptick in activity involving the scam in December. PHOTO: SINGAPORE POLICE FORCE


Sellers should also verify URLs. Only domains that end with carousell.com or carousell.sg are Carousell domains, while other URLs such as carousellpay.com, carousell.xxx.com, carousell-pay.com, carousell.pay-sg.com are not domains from the platform.

“Carousell does not send links via SMS, and would only send OTPs via SMS. This OTP should only be keyed into the Carousell application or webpage,” the police said.

A spoofed Carousell Protection phishing website (left) and a phishing website (right). PHOTO: SINGAPORE POLICE FORCE


They added that Carousell does not ask for payment, order confirmation or card details via external sites or e-mail and stressed the need to be cautious when dealing with buyers who asked for personal information.

Users could also check out the platform’s help centre for information on how to differentiate between Carousell’s legitimate websites and its phishing counterparts.