Have you received an email or SMS message claiming to be from carsales that doesn’t look quite right? We are currently aware of several phishing scams online using the carsales name and logo attempting to scam people.
Phishing scams are carried out by scammers who try to trick carsales members into giving out account details, personal information or banking details by posing as a trusted organisation. These scams are typically carried out by email and SMS.
Scammers will use the names of real people, official logos and branding to make their attempts look as real and convincing as possible. It’s common for phishing scams to include links to fake websites which look identical to the original sites.
How do I know if an email or SMS is really from carsales?
carsales will never send you an SMS or email asking you to click a link to confirm your account or personal details. To avoid being the target of a phishing scam, go to the carsales.com.au website or app directly and follow the prompts there to log in to your account to update or change any personal details.
A tell-tale sign of a phishing scam email or SMS will be the website address (URL) from the email or SMS sender and the link which they want you to click. The URL will be similar to but not the same as the real site. For example, where you would visit https://www.carsales.com.au/ a scammer may include the word carsales in their url: http://carsales.besaba.com/. They may also be using an address that starts with 'http:' rather than 'https:'. This 's' is an important indicator that the site is secure.
If you do need to access your account, always type in the website instead of clicking on a link in an email or SMS message.
How to avoid phishing scams
- Stay calm. Scammers often make their emails sound urgent, claiming your account is frozen or locked – resist the urge to reply immediately.
- Check the sender’s email address. Official-looking emails from free email service providers such as Gmail or Hotmail are often a sign the email is a fake.
- Do not click on hyperlinks provided in emails or text messages. Instead use your ‘bookmarks’ to navigate to the website or type the website address directly into your browser. Hyperlinks within a phishing SMS or email could look like: www.carsales.pay2.com. au or www.carsalespayment.uk (Phishing websites may contain the word 'carsales' to look more legitimate but are not linked to carsales in any way)
- Be wary of text messages from overseas or automated mobile numbers.
How do I report a potential scam?
If you have received a scam message, you can contact our customer care team here. Include screen shots of the potential scam messages and our team will investigate.
Australian Government Websites
- Contact the Australian Competition and Consumer Commission (ACCC) on 1300 302 502
- Report a scam through Scam Watch
- You can also report online fraud to the Australian Government via ReportCyber
- Sign up for the Stay Smart Online email alerts
Here are some examples of recent phishing scams relating to payment through carsales:
[These scams have used the 'pay through carsales' name only, they have not occurred as part of the actual in-app payment process]
Example #1
In this instance, scammers are trying to direct a seller to a phishing website via messages using a QR code to appear legitimate.
Note: We would never request a buyer or seller to complete or confirm a payment via a QR code. Payment through carsales takes place within the carsales app.
Example #2
In this case, a scammer posing as carsales sent a fraudulent email to a buyer, falsely claiming that payment could not be made through carsales and instructing the seller to contact a fake email address to resolve the issue
Note: The email address in this scam message is not affiliated with carsales customer support. We would never provide alternative email addresses within a support ticket. Emails from carsales customer service will only ever come from customercare@carsales.com.au
The following examples (invoices shown below) are all fake. Please note carsales will never send you an invoice requesting payment.
Other examples of phishing scams:
Examples 1 to 3 (shown below) show the journey from SMS to payment page of a fraudulent phishing attempt.
The scam SMS shown below in example #1, includes a hyperlink which leads to a phishing website where a payment is then requested. carsales would never send an SMS like this.
Example #1 – Phishing SMS
Example #2 – Phishing Website
Example #3 – Phishing Website Payment
Example #4 – Phishing Website URL
Always independently verify suspicious activity and contact the carsales support team if you’re unsure.
Any information on this page is provided as a guide only. It is not professional or expert advice and is not a substitute for such advice. The content may not be appropriate, correct or sufficient for your circumstances and should not be relied on as the only reason you do or don’t do anything.