Romanian Phishing Scams on TradeMe
A gang of Romanian fraudsters are TradeMe's biggest & most consistent scam problem at the moment. In February 2006 this group started to produce some of the most sophisticated phishing scams ever to hit TradeMe.
How do these scams work?
Step 1 - The phishing email
The Romanian scammers send thousands of phishing emails to .nz addresses. These emails "appear" to come from TradeMe. Here's what a typical phishing email looks like. Just click on the image to view the full sized version.
A percentage of TradeMe users will be duped into clicking on the "click here" link in the emails and are directed to the scammers' site. This is where bad stuff starts to happen.
Step 2 - The Phishing Site
The link takes you to a page that to all intents and purposes looks identical to the TradeMe login page.
Click on the image to view a full sized version.
As soon as they've captured your login and password, the phishing site redirects you invisibly to TradeMe and most people are totally unaware that they've just given valuable login information to the scammers.
The Romanians can sit on some of these hacked accounts for months. We believe that they have already compiled a database containing hundreds (if not thousands) of TradeMe user accounts.
Another Romanian phishing email doing the rounds at the moment reads like this.
Subject: Trade Me -- A question on your auction: Auction 91410855 for Nokia N80
Hi Ian ,
A member has asked a question on your auction for 'Nokia N80 Brand New'.
do you have a buy now ? posted by: robin_u (0 )
Answer this question
The question will only be displayed on your auction if you answer it.
We recommend you answer all reasonable questions on your auctions as it helps
buyers to make informed decisions.
The Trade Me Team
Of course clicking on the link takes you to a phishing site asking for your TradeMe login and password. And in case you were wondering, these emails address everyone as "Ian".
Step 3 - Running fraudulent auctions
The scammers pick a quiet time when TradeMe is known to be understaffed - they usually favour nights and weekends.
Using a hacked account they list a handful of auctions for goods that don't exist... cellphones, laptops and more.
Using photographs stolen from the net, more often than not from actual eBay auctions, the scammers auctions appear to be credible.
These fraudsters prefer to use hacked accounts with a reasonable amount of feedback. This gives their scams much more credibility than any new account they might create, and lulls prospective buyers into a false sense of security.
You'll almost always find email addresses in Romanian scam auctions - usually throwaway Yahoo or Gmail accounts. Often they'll list a website - just a quick job to convince victims of their sincerity. And their "prices" are always cheap enough to attract willing victims quickly.
From February 2006 to June 2007, ScamBusters have recorded over 900 hacked accounts which have resulted from these Romanian phishing scams. And it's not just newbies who fall for them. A surprising number of traders with 500+ feedback have succumbed - be careful out there folks!
You can read more about the Romanian scams in our forums, including a list of current scams and details of all the addresses used by the hackers.
What could TradeMe do about these scams?
1. Take the scam issue seriously
These Romanians have been infesting TradeMe for four years now. TradeMe seem to believe that merely pulling the auctions before they close is sufficient action, but in reality any damage has already been done by then. The scammers are not running auctions... they are gathering email addresses and they've already made email contact with their next batch of victims by the time TradeMe gets out of bed.
2. Stop sending out emails containing clickable links
You're only training your users that this practice is okay. Note that eBay and PayPal do this already - learn from the big boys Sam.
3. Make your users aware of these scams
Hiding scams under the carpet hasn't worked. Four years of Romanian scams surely proves that point?
4. Beef up your internal security system
If a group of amateur ScamBusters can locate Romanian scams, why can't a $700m company? The scammers regularly use unique phrases like "email me urgently" and even re-use throwaway email addresses in their listings. Is it too much to expect TradeMe to identify these scam listings early and remove them before they find any victims?"
5. 24 hour security
A 24 hour business needs 24 hour security. The TradeMe office is unmanned overnight and understaffed during weekends and public holidays. They're making the scammers' job far too easy. The ScamBusters are hoping that Fairfax will begin to take this issue seriously in the near future.
Given the large number of TradeMe user accounts which have been hacked in the past few months and the thousands of fraudulent auctions which have resulted, ScamBusters believe this problem has the potential to escalate into a major crime wave.
Read on... our hackers change tactics