# Full Report
There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.
# Analysis Summary
## Main Topic
Risks and specific threat tactics targeting individuals and organizations selling items on online marketplaces. The primary threats involve phishing, social engineering, and malware designed to steal financial details or compromise seller accounts.
## Key Points
- Adversaries target sellers because they likely hold significant payment funds or are expected to receive an influx of cash after large sales.
- Scammers often leverage the perceived need for account verification, a common occurrence on these platforms, as a pretext for attacks.
- Common social engineering attempts include pressuring sellers to conduct transactions off-platform or use non-protected payment methods (e.g., "friends and family") to remove platform seller protections.
- Phishing campaigns frequently exploit the platform’s direct messaging features to initiate contact.
- Attacks aim to compromise the seller account (to manipulate payouts/shipments) or steal direct financial data (bank/credit card information).
- A specific example involved a phishing attempt on a Reverb seller account, disguised as a legitimate verification message, which redirected the victim to an attacker-controlled server using percent-encoding obfuscation of the URL.
## Threat Actors
- The report focuses on financially motivated generic scammers and malicious buyers rather than specific named APT groups.
## TTPs
- **Phishing/Account Compromise:** Using platform messaging systems (e.g., Reverb direct message) to deliver malicious links.
- **Social Engineering:** Creating urgency via fake sold items and leveraging expected "account verification" processes.
- **Obfuscation:** Utilizing percent encoding within URLs to mask the malicious final destination during redirection.
- **Redirection Chains:** Using HTTP 302 redirects to move victims from a seemingly legitimate path to an attacker-controlled web server/landing page.
- **Off-Platform Transactions:** Encouraging buyers/sellers to move communications or payments outside the protected environment.
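As an added illustration of the obfuscation and redirection-chain tactics above (this is example code, not code from the report or from Reverb), the following Python decodes percent-encoded, possibly double-encoded, redirect parameters in a marketplace-style link and flags when the embedded final destination is not on the platform's own domain. All URLs and host names are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample: a link that looks like a platform redirect but carries a
# double-percent-encoded attacker URL in its "next" parameter.
SAMPLE_PHISH = ("https://marketplace.example/redirect"
                "?next=https%253A%252F%252Fverify-payout.example%252Flogin%253Fu%253Dseller")
# Constructed benign links: a relative path and a same-domain absolute URL.
SAMPLE_BENIGN = "https://marketplace.example/orders?next=%2Fpayouts"
SAMPLE_SAMEDOMAIN = ("https://marketplace.example/redirect"
                     "?next=https%3A%2F%2Fwww.marketplace.example%2Fpayouts")
TRUSTED_HOSTS = ["marketplace.example"]  # constructed platform domain


def decode_nested(value, max_depth=5):
    """Percent-decode repeatedly until stable, so double encoding cannot hide a URL."""
    for _ in range(max_depth):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_redirect_targets(url):
    """Return (param, decoded_url) for every query value that embeds a URL."""
    query = urlsplit(url).query
    targets = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for raw in values:  # parse_qs already decoded one layer
            decoded = decode_nested(raw)
            if decoded.lower().startswith(("http://", "https://", "//")):
                targets.append((name, decoded))
    return targets


def assess_link(url, trusted_hosts):
    """Flag the link when an embedded redirect target leaves the trusted domain(s)."""
    verdict = {"visible_host": urlsplit(url).hostname or "",
               "final_hosts": [], "suspicious": False}
    for _, target in find_redirect_targets(url):
        host = urlsplit(target).hostname or ""
        verdict["final_hosts"].append(host)
        on_platform = any(host == t or host.endswith("." + t) for t in trusted_hosts)
        if host and not on_platform:
            verdict["suspicious"] = True
    return verdict
```

Running `assess_link(SAMPLE_PHISH, TRUSTED_HOSTS)` reports the visible host as the platform but the final host as the constructed attacker domain, which is the signal a mail or proxy filter would act on before the 302 ever fires.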
## Affected Systems
- Seller accounts on online marketplaces (Example cited: Reverb).
- Payout accounts associated with seller profiles (bank/credit card details are targeted).
- End-user systems interacting with malicious hyperlinks delivered via marketplace messaging systems.
## Mitigations
- **Awareness:** Sellers must be mindful of common scam techniques (shipment changes, off-platform pressure, non-standard payment requests).
- **Verification Procedures:** Be highly suspicious of unsolicited direct messages prompting immediate account/payout verification, even if they appear to originate from the platform.
- **Technical Controls (General):** Utilize security solutions to block access to malicious domains/IPs:
  - Cisco Umbrella (SIG)
  - Cisco Secure Web Appliance
  - Firewall Management (FMC)
  - Cisco Secure Endpoint/Malware Analytics for binary detection.
- **Authentication:** Implement Multi-Factor Authentication (MFA) via services like Cisco Duo for crucial accounts.
## Conclusion
Selling on peer-to-peer marketplaces carries significant risk, predominantly from sophisticated phishing campaigns executed via the platforms' internal messaging systems. Sellers are advised to remain vigilant about any communication requesting immediate financial disclosure or deviation from standard platform transaction protocols. Relying on platform-specific security features and augmenting personal defenses with strong MFA is crucial. Because these incidents are largely self-reported, the scale of the threat is difficult to quantify, which makes proactive user awareness all the more important.