Cybercriminals are using online car auctions and photo-sharing services to dupe victims into downloading malware, the FBI has warned. Once infected, the victims are led to fake websites to buy cars – and when they pay up, the criminals vanish.
In a post to the FBI news blog, the bureau warns of a scam where vehicle buyers are duped with fake adverts which appear without pictures, with photos available “on request”. The images are sent either as attachments or as a link to an online photo sharing service – but in both cases, the photos deliver malware to the victim’s computer.
The FBI also warns that fraudsters also contact buyers who lose an online auction, saying that the “ the original bidder fell through”, then attempt the same scam.
“If you are planning to buy a vehicle online, beware,” the bureau says in its post. “Cyber criminals are posting ads on the Internet without pictures, providing photos only upon request. The photos often contain malware that infects the victim’s computer.”
“This malicious software will direct the victim to a fake website – run by the cyber criminals – that looks nearly identical to the site where the ad was originally seen. When the victim agrees to purchase the item and makes the payment, the criminals stop all correspondence, and the victim never receives the merchandise.”
The FBI warns buyers to watch out for extremely low prices, and to watch out for suspicious car dealerships, and insecure websites when buying vehicles. “Keep your computer software, including the operating system, updated with the latest patches,” the bureau says in its post. “Ensure your anti-virus software and firewalls are current – they can help prevent malware infections.”
Author Rob Waugh, We Live Security