Trust & Safety

Trade Me's blog on Trust and Safety issues.

Phishing is when you take the bait

Scam -phishing -email -exampleTo the uninitiated, the internet is a big pond where sharks roam seeking to trick internet users into handing over their personal details so they can dine on their bank accounts.

This is commonly known as phishing – the spelling is a play on the traditional sport of fishing.

The scammer (shark) will set up his ‘lures’ so that unwary internet users will be ‘phished’ and tricked into sharing confidential information that can be used to conduct further scams or fraud.

The scammers’ lures are legitimate-looking emails that appear to come from websites or companies, like Trade Me or your bank. The emails try to elicit information from the reader - like usernames or passwords.

They’ll often do this by asking you to confirm your details or click a link to login.

If you click such a link, you’ll be directed to enter those details into a fake website

That website will probably look identical to the real company's site, but it is operated by the scammer. Once you have entered your details, the scammer records them and logs in as you.

This could be in the form of using your Trade Me account to conduct a scam or make arrangements to take money from your bank account.

To make it very clear, Trade Me will never ask you to confirm your password or login in details by way of an email asking you to enter them into a website.

Why would we? We already know you’re a member!

Your bank will never ask for this information either - scammers love to target banking details.

Here’s some other things you can think about to protect yourself from phishing attacks.

  • Never provide your username or passwords by email to anyone ever. Here’s some more advice on password safety.
  • Check the website address of the site. Make sure the site is the site you want to go to. For Trade Me, the address will always start with safer yet, find the site by typing the company's URL into your browser's address bar. This means you will bypass the fake website address.
  • Never enter information into forms within email messages. Before you enter any information check the web address as per the above tip.
  • Upgrade your internet browser. Newer versions of web browsers include anti-phishing features which help indicate whether the site you are visiting is legitimate or not.  You can download the latest version of Internet ExplorerFirefox or Chrome today. 
  • Check your online bank accounts frequently. Make sure all transactions are valid. If they aren't contact your bank or credit card company immediately. 
  • Ignore phishers scare tactics such as urgent language to pressure you into submitting confidential data.
  • Your username should not be the same as the first part of your email address i.e. if your email is, your user name should not be johnsmith2001 as it increases the chance of a phishing email landing in your email inbox.

Finally, you can help Trade Me out by letting us know if you have been sent a phishing email.

We can get the phishing site shut down and prevent people from being caught by the scam. 

Please forward any phishing emails or details of fake Trade Me websites to