Singapore-based classified company Carousell and Facebook were targeted through fake accounts in phishing scams totalling SGD314,000 ($236,000 U.S.) in December. Carousell was also cited for a privacy violation.

Some 132 victims received malicious links and QR codes via emails, SMS and WhatsApp messages, asking the recipients for payment for items or to cover the costs of courier services. When they clicked on the links or scanned the QR codes, customers were sent to a fake website which asked for their bank details, like user names and passwords.

Police are investigating, and warned users, “If in doubt, always verify the authenticity of the information with the e-commerce website directly.”

At the same time, Carousell has violated Hong Kong privacy laws after data leaks affecting over 320,000 local users. According to the Hong Konf Office of the Privacy Commissioner for Personal Data, Carousell reported a breach relating to 2.6 million global users in October last year, with the company served with an enforcement notice to ensure it remedies the situation and prevents a recurrence.

Print Friendly, PDF & Email

Related Articles