Online marketplaces are magnets for fraudsters, they use them to sell non-existent items, buy with stolen credit card numbers, and scam legitimate customers.
A report by the Federal Trade Commission in 2019 found that, out of the 3.2 million marketplace complaints in that year, fraud made up 53.1% (1,697,934) of the cases. Identity theft was second with 20.3% (650,572).
Marketplaces that allow customer ratings are also under pressure to monitor and prevent fake reviews.
Since marketplace buyers and sellers need to reveal personal information such as shipping addresses, scammers commonly target marketplaces with phishing and social engineering attacks.
Let’s discuss how to put an end to marketplace fraud.
What Is Marketplace Fraud?
Marketplace fraud happens anytime someone buys or sells something illegally on an online marketplace. This may include listing products or services for sale that do not exist or whose qualities are exaggerated.
Fraudulent buyers, meanwhile, purchase marketplace items with stolen credit cards, which is a form of card not present (CNP) fraud and triggers chargeback requests from legitimate cardholders.
A common scam, for instance, sees fraudsters pose as a seller, only to redirect the interested buyer to a malware-ridden website.
A fairly new and growing worry is triangulation fraud, particularly effective on marketplaces such as eBay and Amazon.
It should also be noted that these days, marketplace fraud is almost synonymous with Facebook Marketplace fraud.
Facebook Marketplace has become a favorite for fraudsters, who create fake profiles in order to go through with all the aforementioned scams.
6 Marketplace Scam Examples
The most common scams feature variations on the theme of selling fake or non-existent items or buying with stolen credit cards, but there are more sophisticated fraudulent attacks too.
#1: Triangulation Fraud
Triangulation fraud is a growing form of online fraud that takes advantage of online marketplaces’ lack of merchant profile verification. Here is how it works:
- A fraudster sets up a merchant profile on a marketplace and lists items at a discounted price.
- A legitimate customer purchases one of those items.
- The fraudster purchases the item from a legitimate shop using a stolen credit card and gives the legitimate customer’s shipping address to the legitimate shop.
- The customer receives the item and gives the fraudster a high rating.
- The legitimate cardholder, meanwhile, makes a chargeback request with the legitimate shop.
- As a result, the legitimate shop has to pay for the chargeback.
What makes triangulation fraud particularly hard to detect is that neither the original customer nor the marketplace is informed of the chargeback request.
It’s only the person whose card was stolen and the shop where it was used that have to sort out the issues created by the fraudsters.
#2: Overpayment Scam
The overpaying scam involves stolen credit card numbers. A fraudster will contact a seller and pretend to be interested in purchasing the item.
They do so but overpay, so then they ask for a partial refund through another payment method.
If the merchant agrees, the fraudster pockets the refund, while the initial payment is either canceled by the legitimate cardholder or blocked. The merchant ends up paying the fraudster and not getting money for the sale.
#3: Fake Property Rental
Fake rental ads boomed during the pandemic, as many renters could not immediately visit the property.
Fraudsters exploit this scenario by creating listings using photos and descriptions from other apartments – for example, found in other cities.
When the interested renter asks for more information, the fraudster explains that there is a lot of interest and recommends securing the place with a partial deposit.
Of course, as soon as money changes hands, the fraudster disappears along with the fraudulent property listing.
Note that the same technique is also increasingly used for used cars, a market that has also grown drastically in recent years.
#4: Google Voice Scams
In this scenario, a fraudster steals phone numbers for phishing attacks. Here is how it works:
- A fraudster contacts a marketplace seller and asks for their phone number.
- The fraudster registers the seller’s phone number on Google Voice.
- Google Voice sends an OTP (one-time password) to the number to confirm registration.
- The fraudster claims that they are the one who sent that OTP for another reason, and asks the seller to confirm it with them.
If this has worked out, the fraudster is now in charge of a Google Voice number linked to someone else’s phone number. This allows them to call victims to defraud them, or attempt SIM swap fraud.
#5: Phishing For ID Theft
Fraudsters need personal information to create believable online profiles – for instance, to open bank accounts or take out loans.
Marketplace listings are a perfect place to harvest data, as it would make sense to share personal information to arrange shipping for an item.
The fraudster will contact a seller to arrange to pick up the item instead of having it delivered. They will request the seller’s home address, email address, and phone number to confirm the pickup.
This much personal information plus a full name is enough for fraudsters to steal identities for all kinds of nefarious purposes, including the creation of synthetic IDs.
The oldest trick in the book, but still worth mentioning: Bait-and-switch fraud happens when buyers are lured with a low price, only to be asked for more and more money.
Live by this classic saying: If a deal seems too good to be true, then it probably is.
Note that fraudsters favor being paid in gift cards or cryptocurrencies, which aren’t traceable and which work like de facto internet cash.
How To Secure Your Marketplace From Fraudsters
A company like Facebook spends millions on security and still sees its marketplace riddled with fraudsters. But there are still steps you can follow to make life easier for your legitimate customers.
#1: Cyber Security Awareness Education For Your Users:
Communicate regularly about the latest scams, which measures you’ve taken to remove fraudsters, and who to turn to if there are issues.
#2: Enable Scam Reporting:
An extension of the point above is to give your customers tools to flag suspicious users and suspicious behavior themselves.
#3: Run Better KYC Checks:
Most marketplace fraud happens when users can create accounts too easily. You don’t have to go all the way with ID verification, but running some basic checks, especially when they are frictionless, can go a long way in filtering out fraudsters before they get to join your platform.
#4: Cross-Reference User Data Points:
Fraudsters have to work at scale, which means recycling data points and multi-accounting. Maybe they use the same email address twice to log into two different accounts. Maybe it’s the same IP and device.
Your goal is to monitor these data points to spot connections between bad accounts in order to block them.
#5: Monitor Online Behavior:
The most sophisticated (and drastic) form of fraud prevention makes use of various data points relating to user behavior.
For instance, how frequently does this person message others? Do they tend to send users to external websites? Do they mention external payment methods? And so on.