This page has an average rating of %r out of 5 stars based on a total of %t ratings
Reading Time 4 Minutes Reading Time 4 Minutes
Created on 28.06.2023

Online data theft: phishing on advertising platforms

Criminals like to go fishing for victims online. That was the experience of Markus, who wanted to sell his bicycle on an advertising platform and got caught in the net of a fake buyer’s ingenious phishing scam. How was that possible? And how can you as a seller protect yourself against data theft on the Internet?

Markus’s old bike had been standing around in the basement for a while, so he decided to sell it on a free advertising platform. Soon after posting the advert, a potential buyer responded via WhatsApp. Having asked a few harmless questions, the interested party then wrote to Markus saying that he wanted to buy the bike but lived too far away.

Tip: Conceal your phone number when advertising on online marketplaces such as Tutti, Anibis or Ricardo and communicate only on the provider’s portal.

Phishing on advertising platforms: online data theft is very easy

The fake buyer asked Markus to ship the bike by post and assured him that he would pay for it in advance. Markus agreed and received a phishing link that led to a fake Swiss Post page. As the page design looked deceptively real and the information about the goods and the agreed price were correct, Markus didn’t become suspicious and clicked on the button as requested.

Note: If you are asked to click on a link, that should serve as a loud warning for you. If Markus had looked more closely at the phishing link, he would have noticed that the page was not from Swiss Post. That’s why you should always check the website address when going online.

What is phishing?

Fraudsters disguise themselves as trustworthy companies or financial institutions to try get you to share personal information such as access data or passwords with them. They mainly use phishing e-mails to do so. But they also get hold of valuable confidential information via the Internet or messenger services such as WhatsApp or SMS (smishing). Here too, they get you to click on a phishing link and enter your personal details. If the fraudsters come into possession of your personal details such as national insurance number, bank account information or bank card details, they can steal your identity and withdraw money from your account, open new accounts or request a refund from the tax office – as well as many other fraudulent activities.

One wrong click, and sellers become phishing victims

Clicking the button was the first step in the sophisticated data theft. The phishing link was hidden behind the button, so when Markus clicked on it, the phishing fraudster was able to bypass the two-factor authentication, which offers increased protection through additional proof of identity. The next step had fateful consequences, because by confirming the push message, Markus allowed the criminal to shop at his expense.

Important: Never confirm push messages from the banking app if you haven’t ordered a payment or initiated an action yourself beforehand.

If you uncover a phishing scam, you should take action immediately

If you have had your data stolen by phishing fraudsters, inform your financial institution immediately. With a bit of luck, the money transfer can still be stopped. You should also block your debit and/or credit card immediately and apply for a new one. If you have uncovered any fraudulent activities as a seller, report them to the relevant advertising platform. This will allow them to block the buyer. You should also contact the platform provider if you have shipped goods and the buyer hasn’t paid. If necessary, file a complaint with the police.

How sellers can protect themselves against data theft on the Internet

  • If possible, use seller protection and avoid selling platforms where buyers are not clearly identified.
  • Always hand over the goods in person for cash, or use a fast and secure payment option such as TWINT when handing over the goods.
  • Don’t be talked into shipping anything.
  • Never reveal your debit or credit card details under any circumstances.
  • For your safety, set up 3D-Secure.
  • Never enter access data and passwords on a website you have opened through a link someone has sent you, as it might be a phishing link.
  • You can check on The link will open in a new window to see if the website behind the potential phishing link is fake.
  • Always enter web pages from banks, Swiss Post and other service providers directly in the browser.
  • Never confirm push messages in the PostFinance App if you haven’t initiated the payment or action yourself.
  • Read up on how to use PostFinance cards securely.

Pay online securely by card

Nowadays, paying with a card on the Internet is a matter of course. However, this simple and convenient payment method also comes with risks such as fraud and identity theft. Recognize fraud schemes and test your knowledge at The link will open in a new window – the police website about using your cards securely. You can also find out more about other types of fraud in our blog article “Scammers’ tactics. What you need to know”.

This page has an average rating of %r out of 5 stars based on a total of %t ratings
You can rate this page from one to five stars. Five stars is the best rating.
Thank you for your rating
Rate this article

This might interest you too