Infected Photos Steal From Car Shoppers
If an online seller sends you photos of an item, run them through a malware scanner first — at least according to the FBI. A new warning issued by the bureau suggests that many buyers have fallen victim to malware scams that involve what seem to be innocuous photo attachments.
Photos containing malware can crop up when dealing with shady sellers on services like Craigslist. A seller will list an expensive item, like a car, for an amount of money that just skirts the line of "too-good-to-be-true." The one catch is that the seller only provides photos upon request.
Although scams where a seller takes money without delivering goods are approximately as old as commerce itself, photos containing malware provide a relatively new twist on them.
If the unsuspecting customer pursues the matter, he or she will find that the seller is quite willing to send photos of the item via email. Buyers who scan every attachment as a matter of habit will find these photos riddled with malicious software, but trusting types will fall victim to a very subtle trick.
The photos generally show the item in question, and the malware will redirect users to a site that looks like Craigslist or eBay. However, instead of returning to the original site, the user will land on a facsimile of it, differing only in URL.
When a user agrees to buy an item through this bogus website, the seller gets the money and disappears without a trace. Sites like Craigslist or eBay can track down sellers who cut and run, but scammer-made copies of the sites have no such protections.
Taking money in exchange for fraudulent goods is still illegal, of course. Without the oversight and protections that trusted commerce websites offer, however, tracking down cybercriminals can be almost impossible.
The good news is that the FBI has provided a nearly foolproof list of ways to protect buyers from these scams. Even better, the advice requires little technical know-how, and instead relies on common sense and sound judgment.
The FBI recommends that users keep their security software up-to-date and patch their operating systems frequently (there are even ways to automate these processes). If you frequent auction sites, be suspicious if a seller offers to sell you items directly.
Stick to reputable sites with user protections (like eBay), and when attempting to buy a car, do as much research as you can on the seller or the dealership to confirm that they are legitimate. If a price looks too low to be real, then proceed with caution. If a seller sends you a file, scan it first.
These are all simple tips, but the FBI would not issue a warning if a significant number of people had not failed to heed them first. As the Romans liked to say, "Let the buyer beware."