The FBI and the Internet Crime Complaint Center have issued a warning about the well-known escrow service scam and the fact that cyber criminals use online photo-sharing programs to perpetrate it.
When advertising inexistent vehicles online, the criminals don't provide pictures, so users are forced to ask for some to be sent to them. The cyber crooks are happy to oblige - sometimes they send the file directly via email, and sometimes they deliver a link pointing to an online photo gallery.
"The photos can/often contain malicious software that infects the victims' computer, directing them to fake websites that look nearly identical to the real site where they originally saw the advertisement," explains IC3.
"The cyber criminals run all aspects of these fake websites, including 'tech support' or 'live chat support,' and any 'recommended' escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence."
Needless to say, the victims never receive any merchandise.
So what can you do to make sure you don't become one of the victims? Apart from keeping your OS, software and AV solutions updated, you are advised to always scan files before opening them, especially when they come from untrusted sources.
"Be cautious if you are on an auction site and lose an auction and the seller contacts you later saying the original bidder fell through," says the FBI, and adds that an offer seems simply too good to be true, that's often the case. Finally, use only well-known escrow services, and those of established car dealerships.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.