Scammed!
Learn how people scam people, I'm an expert it's just happened to me.
Someone had hacked a members account. In the early hours of the morning that had listed a MacBook Pro with a Buy Now. It was cheap but not so cheap to cause alarm.
When I hit the Buy Now, there was no option to pay by Ping.
The TradeMe auto-email was friendly, short, and had their name, same name as their username and their account number, ANZ.
They them emailed me and basically said they can send quickly if I pay reasonably promptly. Then I got a follow-up email.
This email was sent because it would mean I would communicate through THAT email and not the one on the account which was the sellers legitimate email.
Somehow, no email confirming the sale went to the seller. Interesting.
So despite thinking he was a little pushy I paid the money, $943!
Didn't want to push the person so I waited a couple of days and then emailed asking if it was shipped - What Laptop?
In the last 2-3 hours here is what I have learned:
1/ there is no quickstep I can see to notify TradeMe of a scammer on the loose
2/ the BNZ, my bank, suggest I contact the Police which I did. They accept no responsibility and want $75 to seek payment back from the ANZ and all that happens is the ANZ ask the account holder if they would like to send the money back, they can't or won't do anything else.
3/ the ANZ when told one of their account holders is a scammer weren't really interested and said they couldn't do anything. Wow.
4/ the Police take the details and basically say they likely can't do much but will try so at least that's something.
5/ I have no idea what TM will say, I'd like my money back as I'm wondering just how often does this happen and is it about time that 2-step authentication happened. How many people are getting hacked?
6/ DO NOT ever respond to a seller initiated email unless you are communicating through the email listed on the account and even as I write this I guess that a hacker could change that email (or maybe that notifies the real email account so they don't)
There has to be more the banks and TM can do about this. The number of people getting scammed is getting astronomical and when it happens to me, and I think I'm pretty computer savvy, then it can happen to most.
-
Lucy
Trade Me staff - Community team
Kia ora Community.
Unfortunately, scams are on the rise across the world and we aren’t immune to it here at Trade Me. As criminals begin to get more and more sophisticated, we continue to do everything we can to keep our members safe.
While we can’t discuss the tools and processes we put in place behind the scenes (without giving scammers a blackbook about how we operate), please know we are constantly looking at what else we can implement to protect our community.
Part of that is ensuring our members are vigilant which is why our next member newsletter is dedicated to reminding all our members how to stay safe online.
Here are some tips;
1) Ensure your passwords are strong: Having a strong password is the easiest way you can protect yourself online. Ensure your password is unique and complex. Don’t go sharing that information with anyone either. There are a number of helpful tools, like haveibeenpwned.com, that you can use to check if your passwords have been compromised anywhere across the internet
2) Report anything that raises an eyebrow: If you see anything suspicious on our site, let our team know using the ‘Community Watch’ button at the bottom of every listing. This will flag the listing with our Trust & Safety team which monitor the site seven days a week.3) Never pay with Paypal or into an international bank account: Trade Me members are required to have a New Zealand bank account, and anyone asking you to transfer into an overseas account should be a red flag.
4) Use Ping: We strongly recommend buyers use Ping so they are covered by our Buyer Protection Policy. This means we can track the payment and refund you if the item(s) aren't as described or don't turn up at all. If you see something you want to buy that doesn't have Ping as an option, ask the seller in the Q&A to add it before the listing closes. If it is a high value item and they won't, that might give you reason to think twice.
5) The golden rule; if a deal seems too good to be true, it probably is.
If you need to get in touch with us urgently, use Live Chat. We have agents online seven days a week ready to help.
-6 -
Hi Robert,
Sorry to hear you got scammed. I'm new to TradeMe and was surprised how many sellers have cash or bank transfer as the only option. With Gumtree and Ebay in Oz it's pretty well an unwritten rule that bank transfer is never used for items sent by mail because of scammers. It's Paypal for delivery or cash if picking up in person. And yes, there have been lots of cases in Aus of criminals having accounts that the banks seem clueless about. One of the scams in Oz is criminals intercepting legitimate email invoices, changing the bank account details and forwarding doctored invoice to the victim. When the crime is discovered the banks somehow don't know who owns the account. Another old scam involves a scammer having a primary account and secondary account. The scammer "sells" some high value goods on the secondary account which are purchased by the primary account which leaves glowing feedback. The scammer then uploads a high value scam item on the secondary account. Victim purchases item and transfers money to scammers account. When fraud is discovered the secondary account is closed by EBay but not the primary account. The scammer just sets up a new secondary account and starts again. My boss lost $550 on a camera with this scam. EBay did refund $200 but he was out of pocket $350.
0 -
noooo, the industry standard 2FA is not needed. TM rely on their “systems”.
Stop using TM!
2 -
I got scammed a few years ago by a seller of a iPhone who answered all my questions and seemed legit but once the payment was made no more contact and no iPhone I had to file a dispute with Trade Me and after they could not make contact with the seller they provided me with a referral letter to take to the Police where I then filed a fraud by deception case. After a long drawn out process the Police tracked down the person via their bank account and they ended up in court where they were convicted and ordered to repay the money in instalments which took several months lesson learnt I now only use Ping payment for higher priced items.
If you suspect you have been emailed by a scammer I recommend contacting Trade Me via their Live Chat option as soon as possible to let them know.
Trade Me also has a dedicated email you can forward any suspicious emails you have received to refer to the link below
https://help.trademe.co.nz/hc/en-us/articles/360007001332-Phishing-and-scams
1 -
S Community Superuser
Kia Ora Robert,
Sorry to hear this news mate and Thank you for sharing in this Post bringing an awareness to the Community & all TM Members - such a selfless & brave act.
It's great to hear you have spoken with your Bank so they can look out for any odd behavior within your account transactions. I am suprised the Police didn't appear more helpful - I thought they would at least investigate an NZ Bank acct and place a 'Freeze' on any transactions in & out of.
Unfortunately your scammer now has a few pieces of the puzzle toward hacking your own accounts and info' - that being your email address, Bank acct number & legal name - which pose a risk of potential Email scams and Phishing for your password(s) and further info'. Regardless of whom your telecommunications / internet & broadband provider is these following links provide great up to date latest information on How to keep yourself Safe Online. Netsafe also encourage you to Report your scam. I hope the links are of much value to you coming fwd and further for others who enter your Post.
Netsafe Reporting:
REPORT A SCAM
Help if you have been scammed or think you are about to be scammed: Netsafe can’t open investigations or track scammers, but we can offer support and advice for people who have lost money in a scam, or think they are about to. You can report a scam to www.netsafe.org.nz/report.
All the Best Mate - Cheers.2 -
Trademe have indicated that there's no need for better security because :
"have a dedicated Trust & Safety team that works hard to prevent fraudulent logins and other transactions on our members’ accounts. For now, we’re confident in the systems we have and the measures we take to protect our members. "
as seen here:
https://help.trademe.co.nz/hc/en-us/community/posts/4411734416269-2FA-Anyone-0 -
Lucy
Trade Me staff - Community team
Hi Robert. I'm so sorry to read about what's happened, that's awful.
There's some great advice and info sharing here and I'm grateful to see people contributing to help out.
First and foremost, you can get in touch with us about anything including urgent issues like this using Live Chat. We have agents there ready to step in and help. However if you were trying outside of hours, you have the option to leave a message which will be seen when someone is next available and can get back to you.
You're absolutely right that you shouldn't reply to an email initiated by the seller that comes from a different address than the one provided to you by us. I know it can be natural to simply hit 'Reply' without checking, but always be sure that things match up with the info we've given you.
I understand that Ping wasn't available on this particular listing. If there is ever anything you want to buy that doesn't have Ping as an option, ask the seller in the Q&A to add it before the listing closes. If it is a high value item and they won't, that might give you reason to think twice.
Another tip is that if you think the deal appears too good to be true, do a reverse image search on Google. Scammers don't have their own photos since they don't have the item.
If a seller provides their information for bank transfer, something to keep in mind is that accounts starting with '04' can be created from outside of New Zealand. There are of course legitimate sellers with that code, but it is just something to be wary of that may be an extra piece in the puzzle when things don't seem to add up.
Robert, I understand you've been in touch directly about this. The team will be looking into it and getting back to you.0 -
There’s a lot of wisdom shared after the fact but you can’t close doors after horses have bolted. Why is not more being done to prevent this? I didn’t know about live chat and I’m a bit over hunting through the contact us maze - it looks designed to stop people contacting you rather than actually provide help. I get it’s a big site but there must be better ways.
As for what could have stopped this:
1/ why no 2 step authentication so hackers can’t gain account access in the first place or required to start listing?
2/ why did the real member not receive notification of my question or when the auction sold? Had the hacker changed the email or changed preferences? Do neither of those trigger automatic emails to the original email to confirm?
3/ why are overseas created bank account numbers given a prefix the same as NZ accounts? And why does the name of the account not need be given so we can use it as another check in the scheme?
4/ if we ought to use Ping all the time why isn’t it compulsory or why does a warning not show up to educate people about ping?I could go on but it seems scamming is being paid lip service because it doesn’t make TM to fix it though it could be marketed as a way to gain competitive advantage and Ping makes TM money too.
I’m just really disappointed with it all.
3 -
S Community Superuser
Cheers SJ - I wasn't aware of that email address Thank you & great to read of your success with that one you had also, that is encouraging news - Awesome! 😊👍
Cheers Lucy - I wasn't aware of the reverse image search on Google. - that's Most Helpful Thank you 😊👍
0 -
S Community Superuser
Great Questions Robert and I would like them to be answered by TradeMe please - there is a heavy weight on Members whether or not to partake with potential risk factors here which places a significant effect on both Sellers & Buyers Trust & relationship and the dominoes affect on Sales & Purchases.
Robert, do all you can to protect your Email & Bank account coming fwd here - leave no chance of escalation - Cheers.
0 -
I have no issues around my personal accounts as a secure password and two step authentication should see that safe.
But this is the crux of my view - TradeMe can implement pro active procedures to safeguard most instances of scamming and members, old or new, would be protected. Or, they can do what they are doing and expect people, amateurs, who are new or old to the site, to devote time to learning safeguards many would expect TM would’ve protects them against .
The whole site relies on trust, we need to have confidence in the site.
2 -
S Community Superuser
Yes! more lip service but with good intention towards in Post Combating Buy Now Scams - New Ideas Needed - if / as you feel up to it - Cheers.
1 -
I got scammed via my ANZ visa debit card, several times over several months (I was going through a bad time and so didnt notice as it was relatively small amount each time). I didnt realise I had been scammed until I googled the name of party taking payment out (bank teller suggested). ANZ would not refund the earlier ones but they did refund the last two payments after I filled in form explaining. Wasnt too difficult. Id suggest you give it a go with your bank. Take copies of any paperwork/proof with you of course. Good luck.
0 -
S Community Superuser
Kia Ora All,
Future Purchases - Helping to Keep Safe:
When making purchases through TM if you pay by Ping or Afterpay you are covered by TM's Buyer Protection policy - if the Seller does not have these options available you can ask them if they will add them for you.
You can also ask the Seller to write their member name on a sheet of paper & take a photo of this next to the item for you.
All the Best - Cheers.0 -
What percentage of buyers do you think know that?
I never knew that myself after twenty years.
The main issue I have is despite them knowing how scammers are scamming, they aren’t doing anything about it and in my instance there were several things that could’ve happened to prevent it - TM could send an email asking confirmation when payment details are changed on the payment email or a notification that a new device logged in to your account etc. They aren’t doing any of these things yet they are a massive website and many far smaller sites are doing it. Their actions illustrate their priorities. It’s safer to change the process than to inform every user about Ping and AfterPay and neither of those are free so you could say TM are by default benefitting from the status quo.3 -
S Community Superuser
Yes Robert, currently the payment email which is automated to Buyers is a free form text field - an input field would catch a Bank acct change if one was implemented.
I like the sound of implementing an auto-confirmation email when a new device logs in to your account.
- Cheers.
1 -
S Community Superuser
A welcome to TradeMe email sent to all new accounts could include this important Buyer Protection policy with use of Ping or Afterpay as included in the Policy - Cheers.
0 -
S Community Superuser
Kia Ora All,
This brings up again for me a couple of previous Posts requesting the following Login auto tick box 'Remember me' feature removed which have gone unanswered,
- why do TM still have a Remember me automatically ticked box when logging in to the platform?
- Is this creating a pathway for unwarranted activity on accounts?
- Is both the member name & password kept on this capture Or just the password against the already held member name?
- If one mistakenly doesn't remove the tick beforehand where do we go to undo this capture? simply signing out and in again, this time removing the auto tick, does not undo the previous capture.
- Under Privacy protocols members should have access to remove this record from their accounts.
- Cheers.
0 -
Gary-NZStocked Community Superuser
S, the remember me options are specific to your computer browser and are stored in cookies on your computer. If you try to log in from a different browser or computer there will be no auto login and you must enter your email address and password to login. Remember me only works on your computer. Of course, if you are infected by a trojan to record keystrokes or copy your login details then someone else can access, but if you are the only one that uses your computer, then only you can login in without entering info again, although you can clear your cookies and next time you login choose Never remember my details, so you would need to enter details each time you visit.
0 -
S Community Superuser
Gary, are you talking about this one? I don't have a never remember me on this TM Login, this is it.
0 -
Gary-NZStocked Community Superuser
Sort of. The never remember me is the browser one, not the TM one. Same thing applies for that one too. All it does is store a cookie on your own computer to save you having to re-enter info. If you don't want to use it as you are on an insecure computer or a shared computer it's probably best not to have remember me ticked, but if your computer is your own and secure, then it's much easier to have it set to remember if you choose to.
0 -
S Community Superuser
Thank you, Yes my browser is set to 0 saved & Never Save and cookies & cache are cleared each day - My tight ship Lol. - I'm wondering, as previous Posts why TM have this set ticked, yes obvious why but preferred not! - Now I know it's a stored cookie I can manage that if ticked in error Thank you and my snowballed imagination can take a break! Thank you so much 😊
0 -
TradeMe don’t seem to have any of the security measures other security conscious sites have. There’s no fence at the top of the cliff. There is an ambulance for those who bought a Ping ticket before they leapt though.
2 -
S Community Superuser
Cheers Robert, Yes we have asked re security and are unanswered though I guess for Security reasons they can't - leaving the imaginative brain ...! - Cheers.
0 -
S Community Superuser
Kia Ora All, a recommendation has been made in Post: Profile setting to default "Only allow bids from Authenticated members" to true which may interest some - Cheers.
0 -
I was the buyer in my instance when scammed.
We can see when TradeMe implement security measures. Keeping something secret is only when you might be trying to catch someone after the fact.
As for authentication, why are unauthenticated buyers allowed to buy? That might be a more legitimate question.1 -
S Community Superuser
Cheers Robert, a partial resolve to half an equation is healthy discussion coming fwd.
0 -
S Community SuperuserKia Ora All,The importance of reporting scams to the Police,Sorry Robert I understand they they didn't appear helpful in your instance, however as you have a bank account you paid into the Police may be able to investigate the account holder, there is every possibility you may not be the first or only, the Police may possibly already have an investigation for the same account number underway or may be able to form common incidences to give them a direction to focus any potential investigation. This report on file will be crucial in any event your identity is stolen coming fwd. - Cheers.0
-
To clarify:
The account holder did not scam me.
The account was hacked.
They changed the account on the payment email.
They listed an item with a buy now.
They changed the email where the notification went.
The owner of the account had no idea.
TradeMe know about this and have done nothing to avoid it happening to others.
If you changed your email your original email could be notified.
If you changed your payment instructions your original email could get notified.
If you logged in with a different device your original email could get notified.
Nothing!
Police notified - nothing.
ANZ notified - nothing.
BNZ notified - nothing.
What does this tell me?
Stopping scammers is not a priority.3 -
Omg this just happened to be Trademe hacker scammed $1300!!!! I’m so scared
0
98 comments
Date
Votes