Have you received an email or SMS message claiming to be from carsales that doesn’t look quite right? We are currently aware of several phishing scams online using the carsales name and logo attempting to scam people.
Phishing scams are carried out by scammers who try to trick members of the public into giving out account details, personal information or banking details by posing as a trusted organisation. These scams are typically carried out by email and SMS.
Scammers will use the names of real people, official logos and branding to make their attempts look as real and convincing as possible. It’s common for phishing scams to include links to fake websites which look identical to the original sites.
How do I know if an email or SMS is really from carsales?
The only email or SMS carsales will send that requires you to click a link will be in instances where you log on to AutoGate from a new device. When you log on to AutoGate, a pop-up message will appear advising you to check your email where you will then be required to click on the “Authorise new device” button.
Another tell-tale sign of a phishing scam email or SMS will be the website address (URL) from the email sender and the link which they want you to click. The URL will be similar to but not the same as the real site. For example, where you normally would visit https://www.carsales.com.au/ a scammer may include the word carsales in their url: http://carsales.besaba.com/.
To add to the above, your browser will show a little 'lock' icon to the left of the URL, clicking on this will advise you if the connection is secure.
If you believe the link you have accessed is suspicious, click on this icon and ensure the URL is secure before progressing.
If you do need to access your account, always type in the website instead of clicking on a link in an email or SMS message.
How to avoid phishing scams
1. Stay calm. Scammers often make their emails sound urgent, claiming your account is frozen or locked – resist the urge to reply immediately.
2. Check the sender’s email address. Official-looking emails from free email service providers such as Gmail or Hotmail are often a sign the email is a fake. Also check spelling of company names I.e. caresales instead of carsales.
3. Do not click on links provided in emails or text messages. Instead use your ‘bookmarks’ to navigate to the website or type the website address directly into your browser.
4. Be wary of emails or phone calls that ask you for your username and password. carsales will never request this information.
5. Be wary of text messages from overseas or automated mobile numbers.
How do I report a potential scam?
If you believe you have clicked an unsafe link, please change your password immediately.
If you have received a scam message, you can contact our Dealer Services Team on 1300 728 800 or firstname.lastname@example.org or send our Trust & Safety team an email at email@example.com. Include screen shots of the potential scam messages and our team will investigate.