Your item has sold! Avoiding scams targeting online sellers

March 3, 2025

When the subject of security on online marketplaces comes up, the focus is usually on risk to buyers. However, sellers in these marketplaces are equally vulnerable to fraud schemes, not just in the general form of buyers dodging payment, but also serious financial fraud attacks that lead to phishing, the loss of sensitive data, and potential asset theft. From the perspective of a threat actor, successful online sellers are more likely than buyers to have large volumes of available funds to target. Additionally, sellers are used to receiving frequent, unsolicited verification prompts related to their sales, which gives threat actors the perfect opportunity to use a classic phishing scam.

In a recently reported scam, an online seller related that they received a direct message impersonating the staff of the Reverb online marketplace. What appeared to be a link to verify payment details actually used percent-encoding (URL encoding) to disguise a redirect to an attacker-controlled domain impersonating the Reverb website. This website used social engineering through chat prompts to get the seller not only to enter their credit card details, but also to “verify” their bank account details by providing the threat actor with their bank balance, letting the threat actor know which accounts would be most valuable to drain. Reverb is aware of the issue and is taking steps to tell users when they’re being redirected to a third-party domain, but the same tactic could easily be employed on other online marketplaces if they do not take similar steps.
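A seller or marketplace can check a link for this kind of disguised redirect before it is followed. The sketch below is an added example, not code from Reverb or from the original report. The domain `marketplace.example`, the `/redirect` path, the `to` parameter and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

TRUSTED = "marketplace.example"  # placeholder for the marketplace's real domain

def _is_trusted(host, trusted=TRUSTED):
    host = (host or "").lower().rstrip(".")
    # Exact match or a true subdomain; "marketplace.example.evil.tld" fails.
    return host == trusted or host.endswith("." + trusted)

def _fully_decode(value, max_rounds=5):
    # Undo nested percent-encoding (%253A -> %3A -> ":"), with a bounded loop.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_link(url, trusted=TRUSTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    parts = urlsplit(url)
    if not _is_trusted(parts.hostname, trusted):
        findings.append(f"link host is off-site: {parts.hostname}")
    # parse_qsl decodes each value once; _fully_decode handles extra layers.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = _fully_decode(raw).strip()
        if value.startswith("//"):          # scheme-relative redirect target
            value = "https:" + value
        try:
            target = urlsplit(value)
        except ValueError:                  # malformed value, not a usable URL
            continue
        if target.scheme in ("http", "https") and target.hostname:
            if not _is_trusted(target.hostname, trusted):
                findings.append(
                    f"parameter '{name}' redirects to {target.hostname}")
    return findings

# Constructed sample links (not taken from the reported incident).
SAMPLES = [
    "https://marketplace.example/redirect?to=https%3A%2F%2Fattacker.example%2Fverify",
    "https://marketplace.example/redirect?to=https%253A%252F%252Fattacker.example%252Fverify",
    "https://marketplace.example/redirect?to=https%3A%2F%2Fwww.marketplace.example%2Forders",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link) or "no findings")
```

The check only inspects the link text. A link that passes can still redirect server-side, so the address bar of the page that finally loads still needs to be compared with the marketplace's domain.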

Email is, of course, also a major threat vector for cyberattacks against sellers. There have been multiple reported instances of sellers receiving fake chargeback notifications that prompt them to “review” the details, leading either to the same kind of social engineering attacks as above, or potentially to the delivery of malware. Individuals or businesses selling products online need to be aware of this potential attack vector, and should thoroughly review the marketplace's policies against cyberattacks to ensure they are being sufficiently protected.
