Spotting phishing scams on TradeMe
The information on this page refers to a gang of Romanian fraudsters who were once TradeMe's biggest & most consistent scam problem. While this group produced some of the most sophisticated phishing scams ever to hit TradeMe, phishing scams all use the same general methods.
How do these scams work?
Step 1 - The phishing email
The scammers send thousands of phishing emails to .nz addresses. These emails "appear" to come from TradeMe. Here's what a typical phishing email looks like - click on the image to view the full sized version.
While many users will quickly see through phishing attempts, a percentage of TradeMe users will be duped into clicking on the "click here" link in the emails and are directed to the scammers' site. This is where bad stuff starts to happen.
Step 2 - The Phishing Site
The link takes you to a page that to all intents and purposes looks identical to the TradeMe login page. Click on the image to view a full sized version.
As soon as they've captured your login and password, the phishing site redirects you invisibly to TradeMe and most people are totally unaware that they've just given valuable login information to a group of scammers. The bad guys can sit on some of these hacked accounts for months. In most cases they compile a database containing hundreds (if not thousands) of TradeMe user accounts to use over and over again.
Another phishing email uses the TradeMe Q&A facility and looks like this.
Subject: Trade Me -- A question on your auction: Auction 91410855 for Nokia N80
A member has asked a question on your auction for 'Nokia N80 Brand New'.
do you have a buy now ? posted by: robin_u (0 )
Answer this question
The question will only be displayed on your auction if you answer it.
We recommend you answer all reasonable questions on your auctions as it helps
buyers to make informed decisions.
The Trade Me Team
Of course clicking on the link takes you to a phishing site asking for your TradeMe login and password. And in case you were wondering, that particular set of emails addressed everyone as "Ian".
Step 3 - Running fraudulent auctions
The scammers pick a quiet time when TradeMe is known to be understaffed - they usually favour nights and weekends. Using a hacked account they list a handful of auctions for goods that don't exist... cellphones, laptops and more.
Using photographs stolen from the net, more often than not from actual eBay auctions, the scammers auctions appear to be credible.
These fraudsters prefer to use hacked accounts with a reasonable amount of feedback. This gives their scams much more credibility than any new account they might create, and lulls prospective buyers into a false sense of security.
You'll often find email addresses in scam auctions - usually throwaway Yahoo or Gmail accounts. Often they'll list a website - just a quick job to convince victims of their sincerity. And their "prices" are always cheap enough to attract willing victims quickly.
Between February 2006 and June 2007, ScamBusters recorded over 900 hacked TM accounts which resulted from phishing scams. And it's not just newbies who fall for them. A surprising number of traders with 500+ feedback have succumbed - be careful out there folks!
You can read more about phishing scams in our forums, including a list of current scams and details of common addresses used by the hackers.
What could TradeMe have done about these scams?
1. Take the scam issue seriously
Those Romanians infested TradeMe for years but TradeMe seemed to believe that merely pulling the auctions before they closed was sufficient action, but in reality any damage had already been done by then. The scammers were not running auctions... they were gathering email addresses and they'd already made email contact with their next batch of victims by the time TradeMe got out of bed.
2. Stop sending out emails containing clickable links
TradeMe still include clickable links in their emails and that only convinces users that this practice is okay. Both eBay and PayPal do this already - TM should learn a few lessons from the big boys.
3. Make your users aware of these scams
Hiding scams under the carpet doesn't work. Four years of Romanian scams surely proved that point. TM have become more proactive in removing scam auctions these days, however they go out of their way to conceal withdrawn auctions and disabled traders. We wouldn't want the punters to learn the full extent of TradeMe scams... no would we!
4. 24 hour security
A 24 hour business needs 24 hour security. For years the TradeMe office was unmanned overnight and understaffed during weekends and public holidays. They made the scammers' job far too easy. Fortunately TM finally took this issue seriously and now have a small overnight team in place.
Morehistory... the Romanians changed tactics