TradeMe phishing is not harmless

There’s an article in the paper today quoting Keith Ng as saying there is little point behind the latest round of phishing, this time targetting online auction house TradeMe.

Keith focusses on the user trying to buy, the key is that they’ll be trying to SELL – and once the money has changed hands the “seller” will disappear. It’s happened on eBay, it’ll happen here.

As usual, if you get an unexpected email from any sort of finance related site be very careful – and verify the email before clicking anything [tips].

Email scam targets Trade Me users


Trade Me has warned users of an email scam targetting their log-on details.

An email is circulating, purporting to be from Trade Me, asking members to confirm their details.

“It directs you to a site that looks like Trade Me and asks you to log in,” the site said.

“This is not from Trade Me.

“If you have already responded to the email please change your password immediately.”

Internet observers said the emails appeared to be a “phishing” campaign.

However, Keith Ng, in his On Point blog at the Public Address site, questioned why anyone would want Trade Me passwords that did not lead to bank account numbers.

“Given that there is no obvious financial gain, I can only guess that this is an attack on Trade Me itself,” he said.

“It’s more than an act of whimsy. The perpetrator was skilled, had access to an email server, and, most importantly, had some kind of spam list.”

The internet auction site was recently acquired for $700 million by Fairfax.


Recent Comments



  1. December 12, 2006

    Funny you say this. I have been recieivng emails from Bank of America which I have an account and it is clearing some sort of phishing scam. I am not sure if I should send an email to bank of america or just not click on the links. it is so frustrating. I almost cannot tell what is real and whats not anymore


  2. December 21, 2006

    I’ve been receiving emails from banks to update my account info ,and i’m not even with that bank.How does that work?
    I think these individuals are just trying their luck with everyone.
    Your bank will never send you a email asking for personal or account info.Not through email or Telephone.

  3. ionet
    February 28, 2007

    Interestingly enough, there is a 97+ page thread on NZ Scambuster’s site ( documenting the phishing activities of Romanian scammers on Trade Me. Keith Ng appears to have somewhat missed the point, in that most if not all of the hundreds/thousands of compromised Trade Me accounts represents a further risk to all other accounts they have traded with + feedback has displayed email addresses for 60 days after a trade has had feedback placed also receiving phishing emails. Invariably the perpetrators of these Trade Me phishing scams are intent on heisting Kiwi dollars off by Western Union and never delivering up the goodies back to the eager gullible souls expecting laptops, Xboxes and Mobile Phones to arrive from over yonder.

  4. ionet
    February 28, 2007

    Make that 102 pages now on the Scambuster’s forum with new postings added on an almost daily basis for further hacked & compromised accounts with bogus listings.

  5. ionet
    February 28, 2007

    Make that 102 pages on the forum now with further postings almost daily on hacked & compromised accounts with bogus listings –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.