Main scams applied using Mercado Livre

ESET investigation: discover the main scams carried out using the name of Mercado Livre in 2023

Sites that attract a large mass of users also become attractive platforms for cybercriminals looking to carry out all types of fraud on unsuspecting victims. Mercado Livre and its transaction platform, Mercado Pago, are examples of this. For this reason, ESET, a leading company in proactive threat detection, presents some of the most common applied scams, using the name of the platforms in 2023.

ESET reviews some of the most common scam models carried out through these platforms and explains how to protect yourself

“Mercado Livre surpassed 100 million active users and there are 40 purchases per second. In addition, the company has Mercado Pago, which records more than 200 transactions per second.

Due to its natural reach, it can be very attractive to opportunists looking to keep users’ money.

The company itself highlights the importance of taking care of security and offers advice to avoid falling into the most common frauds and mistakes when operating on its platforms”, comments Martina Lopez, Information Security Researcher at ESET Latin America.

Fraudulent communications

Phishing and fraudulent communications: the phishing is an attack that uses social engineering and seeks for the victim to knowingly deliver what the cybercriminal wants (money, data) without spying on the device or stealing files.

Banking services and companies whose operations involve credit or payment information are of interest for these frauds. To do this, the attacker sends an email making the victim believe that it is an official warning, warning of a security problem or suspicious movement, and that it is necessary to verify the identity to regain access or avoid account suspension.

Tempting but misleading offers

Another recurring alternative is to resort to large offers or gifts.

The objective is the same: to make the victim send their information, believing it to be a legitimate communication. Thus, the attacker retains access credentials and data, such as your card numbers.