The term 'phishing' is used when a scammer sends you a legitimate-looking email that appears to come from websites or companies that you trust. E.g. Trade Me or your bank.
The emails try to 'phish' for information – like usernames or passwords. They often ask you to confirm your details or click a link and login.
A spoof site is a website that looks identical to a real company’s site, but is operated by a scammer. Phishing emails usually link to spoof sites. When you enter your details into the spoof site the scammer records them and is able to use them. E.g. to log in to Trade Me.
Protecting yourself from phishing
- Never provide your username or passwords by email. Trade Me will never ask for your username or password by email.
- Check the website address in your browser. Make sure the site is the site you want to go to. If you are browsing Trade Me, the address should always start with "https://www.trademe.co.nz/...". Better yet, find the site by typing the company's URL directly into your browser's address bar.
- Upgrade your browser. The latest versions of web browsers include anti-phishing features which may warn you if you visit a non-legitimate site. Install the latest version of Firefox or Chrome, update Edge or Internet Explorer with Windows Update, update Safari with the App Store, or update Chrome in Google Play.
- Don't respond to pressure. Phishers use scare tactics, and urgent language to pressure you into submitting confidential data. Don't be fooled!
- Beware of scam emails. Emails can be targeted and may attempt to get money from you by pretending to offer an item for sale that you have bid on or asked a question about.
If you receive an email pretending to be from Trade Me, we want to know about it. Please forward any phishing emails or fake Trade Me websites to firstname.lastname@example.org.
Remember: Contacting buyers or sellers outside of the auction process can be unsafe, and if you receive an offer that seems too good to be true, it probably is!