A new simple and clever phishing scam is has been unleashed onto the cyber space. Read on to learn how to recognise and avoid it.
Does your email address consist of your bidorbuy username plus a domain name?
If yes, you are in danger of falling victim to a new phishing scam.
The cyber criminals go through bidorbuy.co.za looking for people who have lost closed auctions, take their user names, “marry” them to several web based email clients (e.g., @gmail.com, @webmail.co.za, @yahoo.co.uk, @live.co.uk, @hotmail.com, etc.) and shoot off a message to all of them. The message, in which they pretend to be the seller, goes something like this:
Dear BidorBuy buyer, I’m the seller of the item that you’ve recently bid through BidorBuy system. If you are interested in buying it please contact me. I’m waiting for your e-mail. Thank you.
That is only bait. If you reply, the criminals know that their phishing email reached a real person, and that is when they go all out to persuade you to let them cheat you out of your money.
Follow-up emails from the criminals contain details of the listing you bid on, plus some complicated story (often referring to either a personal tragedy or charity involvement). The story serves to explain why the seller who, according to his bidorbuy profile, clearly resides in South Africa had to be abroad (usually the UK) at that precise moment and why the only way you can pay is by cash transfer. Often, you will also receive a very convincing-looking email from a fake shipping company, informing you that you parcel will be shipped out as soon as that cash payment reaches them.
We have to admit, the above scam is so clever that it is difficult not to fall for it. The criminals have a high chance of success. Since they know your email address and what you bid on, they appear very credible.
So, how can you tell there’s something fishy in the above set-up?
Unfortunately, you can’t really, not unless you’ve been warned in advance, which is why we are doing it here. So, take note. This lesson is yours for free; at least one buyer paid for it by being scammed out of his hard-earned money.
True, more experienced users would know that sellers do not have access to contact details of losing bidders. Sellers can make personal offers, but these come through the bidorbuy system, not directly from the seller. However, since it’s so easy for scammers to fake an official-looking email, this give-away sign will be of no use to you unless you check to see that the sender is really bidorbuy.co.za.
Our next advice to buyers is to be extra cautions when dealing with overseas sellers, simply because problems are always more difficult to solve if they stretch across borders.
We also advise buyers to be double-cautious about paying by wire transfers, inside or outside of the country. Such transfers are impossible to trace, so one does not even have the recourse of going to the police and perhaps, several years down the line, seeing the justice done. So, if a seller you never dealt with before asks you for a money transfer, please first speak to bidorbuy customer support team.
And, after learning of this particular scam, we also have to advise you not to use your bidorbuy user name or your real name as a part of your email address.