Losing bidder? Do NOT pay before reading this!

A new simple and clever phishing scam is has been unleashed onto the cyber space. Read on to learn how to recognise and avoid it.

Does your email address consist of your bidorbuy username plus a domain name?

If yes, you are in danger of falling victim to a new phishing scam.

The cyber criminals go through bidorbuy.co.za looking for people who have lost closed auctions, take their user names, “marry” them to several web based email clients (e.g., @gmail.com, @webmail.co.za, @yahoo.co.uk, @live.co.uk, @hotmail.com, etc.) and shoot off a message to all of them. The message, in which they pretend to be the seller, goes something like this:

Dear BidorBuy buyer, I’m the seller of the item that you’ve recently bid through BidorBuy system. If you are interested in buying it please contact me. I’m waiting for your e-mail. Thank you.

That is only bait. If you reply, the criminals know that their phishing email reached a real person, and that is when they go all out to persuade you to let them cheat you out of your money.

Follow-up emails from the criminals contain details of the listing you bid on, plus some complicated story (often referring to either a personal tragedy or charity involvement). The story serves to explain why the seller who, according to his bidorbuy profile, clearly resides in South Africa had to be abroad (usually the UK) at that precise moment and why the only way you can pay is by cash transfer. Often, you will also receive a very convincing-looking email from a fake shipping company, informing you that you parcel will be shipped out as soon as that cash payment reaches them.

We have to admit, the above scam is so clever that it is difficult not to fall for it. The criminals have a high chance of success. Since they know your email address and what you bid on, they appear very credible.

So, how can you tell there’s something fishy in the above set-up?

Unfortunately, you can’t really, not unless you’ve been warned in advance, which is why we are doing it here. So, take note. This lesson is yours for free; at least one buyer paid for it by being scammed out of his hard-earned money.

True, more experienced users would know that sellers do not have access to contact details of losing bidders. Sellers can make personal offers, but these come through the bidorbuy system, not directly from the seller. However, since it’s so easy for scammers to fake an official-looking email, this give-away sign will be of no use to you unless you check to see that the sender is really bidorbuy.co.za.

Our next advice to buyers is to be extra cautions when dealing with overseas sellers, simply because problems are always more difficult to solve if they stretch across borders.

We also advise buyers to be double-cautious about paying by wire transfers, inside or outside of the country. Such transfers are impossible to trace, so one does not even have the recourse of going to the police and perhaps, several years down the line, seeing the justice done. So, if a seller you never dealt with before asks you for a money transfer, please first speak to bidorbuy customer support team.

And, after learning of this particular scam, we also have to advise you not to use your bidorbuy user name or your real name as a part of your email address.

Comments

  1. Not everyone is an expierienced user, so why don’t you hide bidders’ user names to prevent this?

    • bidorbuy_co_za says:

      Hi Freddie, it’s about transparency, and bidorbuy was built on transparency. And remember – scammers will always find a way, so we as internet users must learn to recognise phishing and other criminal activities.

    • bidorbuy_co_za says:

      Hi Freddie, it’s about transparency, and bidorbuy was built on transparency. And remember – scammers will always find a way, so we as internet users must learn to recognise phishing and other criminal activities.

  2. Werner Dorfling says:

    Thanks for the heads-up

  3. I generally insist, unless I know who I am dealing with, on paying via the BoB bank and as I know it’s account number as a double check I suppose that has kept me safe.

    Freddy has a good idea.

  4. Michelle H says:

    How do the scammers get the bidders e-mail addresses? This is only visible to the seller once items have been successfully sold? 

    • bidorbuy_co_za says:

      Hi Michelle, they do not get the email addresses of the loosing bidders – they “phish” for them: that is, the scammers take your user name and add it to some generic domain name (@gmail.com, @hotmail.com, etc, etc.) and send them out. Out of I don’t know how many such emails, one might work – but that seems to be enough for the scammers…

  5. VisionHomeAudio says:

    I am a advanced seller on Bid or Buy and other websites and have been purchasing online for over 15 years. I go by a few key rules. If any unexpected email referring to either a personal tragedy or charity involvement enters your email box, Delete it. It’s a Scam… We get approximately 30 a day. 
    If a email seems vague and you cannot immediately and directly relate it to any activity you have been doing online or offline then delete it. The email address is a good point of reference. If you can’t confirm the content of the email nor the email address then delete it.And in connection with this scam and others. By reading the terms and conditions correctly when signing up to a website you will understand and have a knowledge of the privacy terms of the company preventing this sort of thing from happening.Also Freddy has a valid and excellent idea. Potential/current bidders do not need to be aware of the persons name they will be bidding against, it’s all about the price. It would be simple to mask letters in the name, if Bid or Buy wished for the name to remain for visual impact.

    •  Hi VisionHomeAudio, you have some excellent points
      here. I should say that the emphasis must be on educating oneself and being
      watchful. Not having your bidorbuy user name as a part of your web-based email
      address – or, indeed, your real name (just imagine how many of us have a social
      networking profile with our real name, AND a web based email address with our
      real name!) is only one of the precautions, but scammers will always come up
      with new ways to steal our money. So, generalist knowledge of scams and other
      cyber dangers is a must for any internet user.

  6. thank you