LeBonCoin is the target of a particularly well-crafted new scam. Hackers exclusively target Internet users who have put an item up for sale on the ad site. Thanks to a fake SMS and a fake application, they will try to extract the money from your bank account. We explain how to spot the deception.
An elaborate scam is currently seeking to trap Internet users who sell items on LeBonCoin, report our colleagues at Numerama. At first you will receive an SMS which ensures to come directly from LeBonCoin. This SMS announces that a prepayment has been sent to you.
Scammers refer to the secure payment service integrated into the site. This service “allows you to carry out simple and secure transactions (less than € 2) for your exchanges between individuals directly from your messaging”, explains LeBonCoin on the website. Since 500, the site has in fact allowed users to pay online by credit card. As long as the transaction is completed, LeBonCoin keeps the money sent by the buyer. This is not the first time that a scam has relied on this system to rob LeBonCoin users.
The SMS is accompanied by a link that relays to a dummy version of the site announcements. Unsurprisingly, the hackers mimicked the interface and design of the platform to perfection. To allay the mistrust of the victims, they even add a preview of the ad and photos posted.
A detail nevertheless already allowing to detect the scam: the URL. As a reminder, the address of the site is none other than “www.leboncoin.fr”. In this case, we could spot the presence of several additional letters, underlines Numerama. To access the official site of Le Bon Coin, we advise you to go through a search engine and avoid links received by email or SMS.
Also Read: Spoiled Holiday for 12 Families Who Rented Same Ghost Apartment on LeBonCoin
A phishing attack targets Android smartphones
To recover the money made available by the buyer, the dummy site will ask you to go through the Android application of LeBonCoin. A link on the site allows you to install the application directly from the Google Play Store.
This is obviously a trap: if you click on it, an APK file will be directly downloaded to your smartphone. Unsurprisingly, Android will ask you repeatedly if you are sure you want to install this APK from an unknown source. At this stage, we imagine that only the less experienced users will fall for the trap.
The application takes the design of the LeBonCoin website to the letter. To complete the transaction and receive your money, the application will ask you to provide your credit card details. The hackers indeed pretend a problem with the bank card currently registered to trap Internet users.
This is where the trap closes: hackers retrieve the coordinates of your map. This valuable information can be used to subscribe to paid services or to empty your account. Sometimes crooks resell your card data on dark web black markets instead in order to avoid potential trouble with fraud detection systems. Have you ever been trapped like this? We await your testimony in the comments.