Surge in frauds on online trading websites: Hundreds of thousands of BGN siphoned off from Bulgarian customers

There has been a rise in fraud cases following a familiar criminal scheme on online sales websites. The perpetrators contact individuals offering various goods, expressing interest in purchasing, but insisting on using a special platform for payment, where the victim enters their banking card details.

How consumers can end up with drained accounts, and how unwitting members of the public can become unintentionally involved in fraud

Maria posted an ad for a baby nest for sale on an online trading site. Seconds later, she is contacted by a potential customer who urges that their communication take place on Viber. There, he assures that he wants to purchase the item but offers an alternative method of payment and delivery. The response was:

“I’m from Burgas, but the courier can pick up the item directly from your address, so you don’t even need to leave your home. You won’t spend any time or incur any costs, which I will cover, and you’ll receive the payment right now,” to which Maria responded, "How does that work, which courier service?" The answer was, “I’m placing the order now and paying for it. After that, you need to confirm the order as soon as possible so that the money can be transferred to your card, and the courier will contact you to arrange the details, such as address, time, and date,” Maria explained.

The client, who identified herself as Ana, then sent a link to a special platform for Maria to enter her bank card details. Maria became suspicious of its authenticity, so she contacted the support team of the classifieds website, who reassured her that she was being targeted by scammers. As a result, Maria’s bank account remained safe, unlike hundreds of other users who entered their details into the platform without realising.

How the Fraud Works

“These details include the card number, its expiration date, the full name of the cardholder, and a specific CV code, which is entered to verify our data. The next step, when it appears, is for us to provide our balance, confirming that it really is us,” explained Svetlin Lazarov, Head of the Digital Analytics and Cyber Intelligence Department in the Cybercrime Directorate of the General Directorate for Combatting Organosed Crime (GDBOP).

This step checks whether the user has a balance higher than 2,000 BGN—the withdrawal limit for such transactions. If the balance exceeds this amount, an error window pops up, prompting the victim to enter their details again. This allows the scammers to withdraw 2,000 BGN each time the details are re-entered.

“We’ve had cases where a victim lost over 20,000 BGN, with money being withdrawn in small amounts over several days due to repeated error messages,” explained Commissioner Lazarov from the Cybercrime Directorate at GDBOP.

Where the Money Goes

The funds are transferred to bank accounts in countries outside the European Union, where various criminal groups operate using this scheme. Despite this, their numbers appear to be Bulgarian, which helps gain the victims’ trust. It turns out that the fraudsters randomly use existing phone numbers of Bulgarian citizens who do not have Viber installed. They create accounts with these numbers and activate them, exploiting a vulnerability in the app’s verification process.

“When they start the activation process, the real user doesn’t know that their phone number has already been activated on Viber,” Lazarov explained.

BNT: Does this mean that, for example, an elderly woman in a Bulgarian village has had a Viber account created for her without her knowledge, and that money is being generated for third parties?

Lazarov: "Yes, these are people who don’t have smartphones and use basic phones or elderly individuals who are unaware of this communication app and don’t use such things. As a result, their phone numbers are not verified with communicators."

GDBOP is coordinating with its international partners to identify the criminals behind these schemes. However, reaching the perpetrators is difficult, time-consuming, and the chances of victims recovering their money are almost nonexistent.