A group of AutoBase clients received an email asking them to confirm their account. It carried the AutoBase logo and branding and looked fairly realistic. When a few of our clients clicked on the link in the email, a website that looked exactly like the AutoBase site appeared, with fields to enter their Username and Password. It all looked authentic, apart from the fact that the URL was wrong. The fake website looked real because it was copied directly from our own site. However, its URL was http://admin-autobase.com/, which is not the correct one. Our website would have come up as http://admin.autobase.co.nz/. The only differences are a ‘dot’ where the fake has a ‘dash’, and the extension.
Another example comes from a more recent scam, where the fake website used the URL www.idealerbase.co.nz instead of the real www.dealerbase.co.nz. In this case the subtle change was a single additional letter in the URL.
Only a few clients actually entered their details, which gave the phisher access to their AutoBase account. On some existing listings the phisher reduced listing prices, added ‘Half Price Liquidation Sale’ to the comments, changed the images to look like an AutoBase brochure and changed the contact details to an email address they had created. They also added bogus listings containing all of this information. Some viewers on Trade Me who saw the scammer’s listings took interest and emailed the bogus address, where they were asked to deposit money for the vehicle into the scammer’s account.
You may have received one of the most popular phishing scam emails, which appear to come from a bank and ask you to confirm your account details. More often than not you don’t even belong to that bank! Phishers are ‘fishing’ for your personal details or, even worse, your customers’ details. They want your username and password so they can access your private accounts such as your bank, email (Gmail, Xtra, Hotmail etc) or Trade Me.
So how do you stay safe and avoid being duped? The rule of thumb to keep you safe is NEVER enter your username and password into a website reached through a link that has been emailed to you. If in any doubt, call the company who appears to be sending you the email – guaranteed it will be a scam.
Common signs of a phishing email:
- The email fails to confirm that the company does business with you (i.e. by referencing your account number)
- The email fails to address you by your name, and may be addressed ‘Dear Sir/Madam’ or ‘Dear Cardholder’
- The email warns that you have been a victim of fraud
- The email says that you need to confirm or enter a new password
- The HTML tags behind the links in the email reveal that the underlying URL usually does not link to a page within the authentic domain
- You did not initiate contact with the sender or may not have expected to receive it
- The email contains grammatical errors and spelling mistakes
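
The link check from the list above can be automated. The following is an added example, not AutoBase's own code: it pulls the real `href` out of each link in an HTML email and compares its hostname with the genuine hostnames quoted in this article. The allowlist, the 0.8 similarity threshold, the function names and the sample email are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostnames the article names as genuine; only exact matches are trusted.
LEGIT_HOSTS = ("admin.autobase.co.nz", "www.dealerbase.co.nz")
THRESHOLD = 0.8  # assumed similarity cut-off for calling a host a lookalike

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def skeleton(host):
    """Drop dots and dashes so 'admin-autobase' and 'admin.autobase' line up."""
    return host.replace(".", "").replace("-", "")

def classify(href):
    """Return 'legitimate', 'lookalike of <host>' or 'unknown' for a link target."""
    host = (urlsplit(href.strip()).hostname or "").lower()
    if host in LEGIT_HOSTS:
        return "legitimate"
    score, nearest = max(
        (SequenceMatcher(None, skeleton(host), skeleton(good)).ratio(), good)
        for good in LEGIT_HOSTS)
    return f"lookalike of {nearest}" if score >= THRESHOLD else "unknown"

def audit_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, classify(href)) for href, text in parser.links]

# Constructed sample email using the URLs quoted in the article.
SAMPLE_EMAIL = """<p>Dear Sir/Madam, please confirm your account:</p>
<a href="http://admin-autobase.com/">http://admin.autobase.co.nz/</a>
<a href="http://www.idealerbase.co.nz/">Dealer login</a>
<a href="http://admin.autobase.co.nz/">AutoBase</a>"""

if __name__ == "__main__":
    for href, text, verdict in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:38} href={href} text={text!r}")
```

The first sample link shows why the visible text cannot be trusted: it displays the genuine address while the `href` points at the dash-for-dot lookalike.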
Do not reply to any email that requests your personal information, or click on the link provided. Again, if in doubt, contact the company who appears to be sending you the email. For more information, check the Ministry of Consumer Affairs scam information here.