Phishing scams are carried out by scammers who try to trick carsales members into giving out account or personal information or banking details by posing as trusted organisations.
These scams are typically carried out by SMS and email.
Scammers will use the names of real people, official logos and branding to make their attempts look as real and as convincing as possible.
It’s common for phishing scams to include links to fake websites which look identical to the original sites.
How do I know if an Email or SMS is really from carsales?
Always remember that carsales will never send you an SMS or email asking you to confirm your account or personal details. To avoid being the target of a phishing scam, go to www.carsales.com.au and follow the prompts there to log in.
The tell tale sign will be the website address (URL) which will be similar to but not the same as the real site. For example, where you would visit www.carsales.com.au a scammer may include http://carsales.besaba.com/.
Tip: If you need to access your account, always type in the website instead of clicking on a link.
How to avoid these scams
- Stay calm. Scammers often make their emails sound urgent, claiming your account is frozen or locked – resist the urge to reply immediately.
- Check the ‘from’ email address. Official-looking emails from free email service providers such as gmail or hotmail are often a sign the email is a fake.
- Do not click on links provided in emails or text messages. Instead use your ‘bookmarks’ to navigate to the website or type the website address directly into your browser.
- Be wary of text messages from overseas or automated mobile numbers.
- Report it to us (firstname.lastname@example.org). If you encounter any suspicious activity online or believe you’ve been the target of a phishing scam, please let us know.
Here are some recent examples of phishing scams below.
Example #1 - Phishing SMS
Example #2 - Phishing Website
Example #3 - Phishing Website Payment
Example #4 - Phishing Website URL
“Item.support” domain is used to host the phishing pages. This is a malicious domain – it does NOT belong to carsales. Remember to always check and verify the URL before entering any personal details. The URL addresses are different to the legitimate pages.