⚠️ Phishing Alert: The “Fake Secure Payment” Scam
This screenshot illustrates a sophisticated phishing attack targeting sellers on classified ad platforms (like OLX, Vinted, or Wallapop). Here is how the scam works and how to stay safe:
1. The Setup
The scammer contacts a seller pretending to be a buyer. They claim they have already paid for the item through a “secure transaction” service provided by a well-known logistics company (in this case, Correos).
2. The Trap (Visual Red Flags)
- Deceptive URL: Look at the address bar. The official website is correos.es, but the scammer uses a fake domain: correos.compr-verif.digital. Always check the domain before clicking!
- The “Receive Funds” Hook: The page claims your item is paid and asks you to click a button (e.g., “Aceptar pago” / “Accept payment”) to receive your money.
- Urgency & Social Engineering: It mentions that to get the shipping label, you must first “confirm the receipt of funds” following the chat assistant’s instructions.
3. The Goal
When the victim clicks the “Accept payment” button, they are redirected to a fake payment gateway. Instead of receiving money, the victim is asked to provide their:
- Full credit/debit card details.
- Bank account login credentials.
- SMS verification codes (which allows scammers to authorize fraudulent transactions).
How to Protect Yourself:
- Never leave the platform: Real marketplaces never ask you to go to a third-party link to receive payment. All transactions should stay within the official app or website.
- Check the link: If the URL looks long, strange, or ends in .digital, .info, or .top, it is a scam.
- No “Payment to Receive”: You should never have to enter your card’s CVV code or an SMS password to receive money.
Stay vigilant! If a buyer sends you a screenshot or a link claiming they’ve paid through an external service—it’s a scam.