Romanian Phishing Scams - #2

The Romanians change tactics

They're getting smarter
On Friday 23rd March 2007 we observed a new method being employed by the Romanians. For the first time we're aware of they changed the email address and password on a hijacked account which belonged to linpal - Paul from Christchurch. This prevented Paul from either withdrawing the scam auctions or regaining control of his account.

Our attempts to contact TradeMe's "24/7" security team were unsuccessful. As usual, TradeMe weren't taking the Romanians seriously.

This problem has now reached serious proportions with new accounts being compromised on a daily basis. Our research shows that the hijackers now appear to be using the internal records from hacked accounts to target further victims.

The Romanians have discovered the "Export my TM account" function available to all users. They have started using these trading records from hijacked accounts, giving them lists of valid email addresses for all TM users who have traded with those accounts in the past 45 days.

They send out another batch of phishing emails to these qualified addresses and so the problem escalates. The Romanians must now have a database of TM users' email details equal only to TM's internal records.

The number of hijacked accounts is increasing exponentially and we believe that TradeMe management need to address this issue urgently.

Update - January 2010
A change in TradeMe's security team last year has heralded a noticeable reduction in the number of Romanian scams on the site. Wel done to Chris Budge and his team. It's great that TM is finally taking the Romanian criminals seriously.

    Return to the main scams page...

    Read about other scams...