Have you received an email or SMS message claiming to be from carsales that doesn’t look quite right? We are currently aware of several phishing scams online using the carsales name and logo attempting to scam people.
Phishing scams are carried out by scammers who try to trick carsales members into giving out account details, personal information or banking details by posing as a trusted organisation. These scams are typically carried out by email and SMS.
Scammers will use the names of real people, official logos and branding to make their attempts look as real and convincing as possible. It’s common for phishing scams to include links to fake websites which look identical to the original sites.
How do I know if an email or SMS is really from carsales?
carsales will never send you an SMS or email asking you to click a link to confirm your account or personal details. To avoid being the target of a phishing scam, go to the carsales.com.au website or app directly and follow the prompts there to log in to your account to update or change any personal details.
The tell-tale sign of a phishing scam email or SMS will be the website address (URL) from the email sender and the link which they want you to click. The URL will be similar to but not the same as the real site. For example, where you would visit https://www.carsales.com.au/ a scammer may include the word carsales in their url: http://carsales.besaba.com/. They may also be using an address that starts with 'http:' rather than 'https:'. This 's' is an important indicator that the site is secure.
If you do need to access your account, always type in the website instead of clicking on a link in an email or SMS message.
How to avoid phishing scams
- Stay calm. Scammers often make their emails sound urgent, claiming your account is frozen or locked – resist the urge to reply immediately.
- Check the sender’s email address. Official-looking emails from free email service providers such as Gmail or Hotmail are often a sign the email is a fake.
- Do not click on links provided in emails or text messages. Instead use your ‘bookmarks’ to navigate to the website or type the website address directly into your browser.
- Be wary of text messages from overseas or automated mobile numbers.
How do I report a potential scam?
Australian Government Websites
- Contact the Australian Competition and Consumer Affairs Commission (ACCC) on 1300 302 502
- Report a scam through Scam Watch
- You can also report online fraud to the Australian Government via ReportCyber
- Sign up for the Stay Smart Online email alerts
Here are some recent examples of phishing scams:
Example #1 – Phishing SMS
Example #2 – Phishing Website
Example #3 – Phishing Website Payment
Example #4 – Phishing Website URL
Example #5 – Phishing Email