Like many people, I use Facebook Marketplace to sell items I no longer need. Today, I want to share an experience with a scam that others should know about. Recently, I listed my Elgato Stream Deck Classic, and almost immediately, I started receiving messages from potential buyers, many of whom were just looking to negotiate a lower price.
I’m used to “lowball” offers, which didn’t surprise me.
But then, one particular message stood out:
“I’m out of town right now and can pick it up on October 21th or any day after. Can you hold it for me? I can pay in full now, so you don’t have to wait 🙂 Can I get your details for etransfer?”
I thought, “Would someone really pay in advance to a complete stranger and trust that the item will still be there when they come to pick it up?”
Despite my doubts, I decided to play along to see where this was going. So, I provided a junk email address and soon received a notification of an “e-transfer.”
Fortunately, I’m familiar with e-transfers and the way they work. As a Security Engineer, I’m alert to these kinds of scams. Right away, I noticed something suspicious about the email.
Recognizing the Scam
At first glance, the email looked like a standard Interac e-Transfer notification with the old design. FYI: the new design arrived on Oct 21. However, when you open a “Deposit your Money” link, you can see it is not legit:
The legit link should be like that:
When I clicked on it (with extreme caution in the dedicated VM 😉 ), I was taken to a page where I was supposedly supposed to choose the bank and then “deposit” the money.
I went with a random one – Scotia. The page asked for banking information…
Here’s where the scam reveals itself: if you enter your information, the fraudsters instantly have access to your account, allowing them to do as they please with your funds.
Staying Safe
It didn’t take deep technical investigation to realize this was a scam. Just seeing the email with its suspicious link was enough. It would have been game over if I had entered my bank details. 😉
I considered entertaining myself by replying with a fake confirmation templated email to see how they’d react, but ultimately, I decided it wasn’t worth the time. I blocked the sender and moved on.
Since then, I’ve received several similar messages asking for pre-payment via e-transfer like this.
I hope most people can spot a scam like this quickly and avoid giving out personal information. But sometimes, we get excited or want things done fast, making us slip up. I wanted to share this example to help others stay aware and safe.
Takeaways
- Trust Your Instincts: If an offer seems too good to be true or doesn’t sit right, it probably isn’t.
- Know How e-Transfers Work: An e-transfer notification should come directly from Interac <notify@payments.interac.ca>, not a third-party email. But if you reply, it will be an email address from the original sender in the “To” field.
- Never Share Sensitive Information: Even if you decide to share an email, create a separate “junk” one. Intruders can also try to hack your email.
- Be Cautious on Marketplace Platforms: Scams are common, and staying alert can save you from potentially serious consequences.
Hopefully, sharing my experience can help others avoid falling for similar scams. Stay safe and happy selling!
Leave a Reply