Tuesday, July 17th, 2012
AVG (AU/NZ) Pty Ltd alerts the thousands of Australians selling their cars online to a new scam email claiming to be from the auto website Carsales.com.au.

The phishing message attempts to trick users into believing their account has been suspended, and asks them to ‘renew’ their details to continue using the service. Links included within the email direct users of the Carsales Network through to a fake website designed to capture details of their account – including an email address and password.

Disturbingly, both the email and website are incredibly well laid out and, at a glance, appear convincing. On closer inspection, however, there are several questionable components:

• “Susspended” is spelt incorrectly in the subject line, and “Thank you for using Carsales website!” doesn’t read well.

• The ‘from’ email address doesn’t include reference to the site – i.e. “[email protected]”. Instead, the sender address has no association with the Carsales Network.

• The page has an unrelated URL which also doesn’t reference Carsales.com.au.

• “Help on sign in” as a heading on the page is unusual.

Carsales Network has confirmed that it never contacts members in such a way: “We emphasise that Carsales.com.au does not at any time request sellers to verify any information concerning their ad or credit card details via an SMS or a link in an email.”

The company has made a request for the fake website to be taken down, and advises sellers who receive the message not to click any of the links included in it. The Carsales Network has a section in its website dedicated to scam defence as does the Government’s SCAMWatch site.

Michael McKinnon, Security Advisor at AVG (AU/NZ), distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, said: “If you have received the email and unwittingly entered your details on the fake page, it is important to immediately change your password and secret question. Remember, you should have a different password for each online service you use, but if that same password has been used elsewhere, update those accounts too.”

5 tips to protect against scam emails

1. Always treat email requests for personal information with suspicion, particularly ‘urgent’ requests and those threatening a service suspension.

2. If you are unsure, don’t respond to the email, instead phone the company to check its legitimacy.

3. Report suspicious emails to SCAMWatch.

4. Run an effective anti-spam solution, such as the one included in AVG Internet Security

5. Run up-to-date Internet Security software with web-link scanning technology, like AVG Link Scanner, to help block web threats on malicious web sites.

Links
Carsales.com.au scam defence - http://helpcentre.carsales.com.au/help/scam-defence/
SCAMWatch: http://www.scamwatch.gov.au

Contact Profile

Keywords

AVG, internet security, cybercrime, scam

Categories

Sharing

More Formats