Cybercrime is getting more and more elaborate. And, the worst thing is that by action or omission the authorities and companies collaborate with its dissemination.
I am going to tell you a personal experience and another that happened to a known person.
About scams on the Internet. Streaming services
They say that the best hunter escapes the hare. I consider myself quite aware of computer security risks. Y, however, I fell into the same trap twice. What diminishes my stupidity is that in the first case I fell because of Facebook and in the second because of Google.
A year ago, bored with Netflix and Amazon (Argentina had the longest strict quarantine in the world) and fed up with the poor quality of subtitles from alternative content providers, I see on Facebook the advertisement that Disney + had arrived in Argentina and that it was offering a free trial.
Convinced that Facebook had strict control over the ads it displayed, I click on the link, I complete the form with my card details and I receive the notice that my bank had rejected the transaction Something made me suspicious, so I search for Disney + by Google and on the legitimate page I see the message that the service was months away from being available.
I immediately block the card and try to report it. Neither the Disney Argentina page nor its Twitter account support the sending of messages. I look up the fake domain information using Whois and I find that it is registered on a server in Bulgaria.
I make the complaint to the hosting and Facebook. The hosting took down the site immediately. I don't know if Facebook listened to me or not, the truth is that the ad kept appearing, this time with the site hosted on GoDaddy. GoDaddy, to the best of my knowledge, ignored my reports.
The second time was with Paramount +. This time it was the fault of Google and Firefox. I put Paramount + in the browser bar and it directs me to a page that asks me to register. I put the data and again the message that the bank rejected the transaction.
I look for the data of the domain and I discover that it was hosted in a hosting service like the one that we can hire. The Paramount + Argentina search got me to the right place and registration with no problems.
It must be said that in this case there were some clues. Although the page was similar, the form did not support the use of accents. The notice that the transaction could not be made was immediate when in general there is usually a delay while connecting to the server performing the transaction.
Here are some things I learned.
1) Search the site on Google.com and other search engines, do not click on ads or the browser bar.
2) Search the domain data using a tool as this. If it is hosted in a domain like the one we would hire, it is false.
3) Generally, when a transaction is declined, it appears on the web or in the card application or the bank. If not, talk to customer service to see if they have it on file.
4) To subscribe to new services use a prepaid card. You will have time to transfer them to the usual cards.
Marketplace
The second scam is something typical of Argentina like dulce de leche or mate (Yes, I know that mate is shared with Uruguay, Brazil and Paraguay and that all countries have something similar to dulce de leche). Either way, it is likely to spread.
It takes place on the Facebook marketplace and on Trading sites in which user registration is not required and where contact information is public.
One user sells something and another buys it from him. They agree to pay by bank transfer. I don't know what it is called in other countries, but it is sending money from one bank account to another. However, Suppose the product is 500 pesos. The "buyer" informs the seller that "by mistake" he sent him 5000 pesos and attaches a photo of the transfer receipt. This is Argentina, and sometimes for reasons known only to bankers, accreditation is not immediate. Added to this is a "call" from the bank confirming that the transfer was made.
Here comes the interesting thing. The voucher is perfect. It is made with Photoshop using the computer workshops of some prisons in the interior of Argentina. From there also come the calls of the "buyer" and the "bank"
Now, not only do they keep the money "returned" by the unsuspecting seller. Through the so-called bank call, they use social engineering techniques to obtain account data and use it to extract the rest of the money and request instant loans that are transferred to other accounts until it becomes impossible to track their journey.