Trust & Safety Blog

Update your Operating System to defend against bugs and viruses

Update -os

We’re closing out Cyber Smart week with a gentle reminder that your Trade Me accounts aren’t the only thing that needs protection.

With so many of your electronics and apps set to automatically update these days, it can be easy to forget that some of them don’t.

Operating systems (OS) and internet browsers can fall through the proverbial 'update cracks' and in turn act as the gateway to breaching your online security.

It’s easy enough to click the “remind me later” option when an update request pops up, because who doesn’t love waiting a good 40 minutes for a reboot, but hitting that can leave gaps in your device’s security.

Take a recent Bluetooth vulnerability as an example. Blueborne is a vulnerability that can affect devices that use Bluetooth; computer, phones, tablets and smart fridges. Blueborne would allow anyone who is within range to gain control over your device without you needing to do anything. It won’t matter if the device is locked or sleeping, if a scammer is within range they can get in.

So if you’ve been hitting that reminder button for the last month you won’t have the latest OS updates, that protect against this scam, and you won’t be safe.

Updating the OS on your device is one of the best things you can do to help protect yourself against cyber-crime.

Meanwhile some internet browsers, such as Chrome and Firefox, automatically update so you don’t need to worry about this unless you choose to turn that function off.

The same can also be said for browsers like Safari and Internet Explorer which are linked to your OS, and update when your device does. However if you have a different browser or have disabled the auto-update function you may need to do this yourself.

In a perfect world all our members would have the most up to date browsers and apps. This wouldn’t only make the lives of our developers much easier, but it’d ultimately make everything better for everyone involved.

As the user you’d be better protected, have any bugs from previous versions ironed out, and not run into any Trade Me site functionality issues because the browser you’re using is too old.

So from all of us here at Trade Me please, please, update your stuff – and stay safe online!

For more tips on stepping up your cyber security check out our advice on using two factor authentication and regularly changing passwords

Using Two Factor Authentication to be cyber smart

Cyber Smart Week - 2FA - Newsletter Banner

This week we’ve already covered the importance of having unique passwords, but there’s plenty more that you can do to add extra layers of protection.

Turning on two-factor authentication (2FA) can help stop scammers from getting into your stuff.

Here at Trade Me this isn’t something you can turn on (or off) yourself, our Site Security team run it in the background all the time, and may require you to verify yourself if something suspicious is detected on your account.

For example, if we believe your password may have been stolen, your account will be restricted and you may be able to unlock your account by getting a code sent to your registered mobile.

That is why it’s so important to keep your contact information up to date (you can do that here).

If your account is restricted in this way, when you attempt to login a note will pop up that stating that  ‘we believe someone has tried to access your account without your permission’.

It then gives you that option to have the code sent, or to call our Site Security team on 0800 334 332.

Entering this code back into the site completes the process, reopens your account and you’re good to go.

We also have a number of other security features on our end to help keep you safe, just incase your password is stolen.

For other websites that give you the choice of 2FA, it’s something we recommend 100% of the time.

With 2FA in place, if an attacker knows your password – they still can’t get into your account.

Take that suckers!

Most websites are set up so that you’ll need something you know (a unique password) as well as something you have (a phone they can text a code to) when you attempt to login on a new device.

Everybody does this a little differently though, so to set this up across your accounts you should start by looking at your account settings.

Toughen up your security with 2FA

  • Keep up your good password practicesthink unique, long and strong.

  • Keep your phone, device or hardware token in a safe place

  • If you receive a code for an account you weren’t trying to log into, change your password. Someone may have your password and be trying to get into your account. Check it out. 

  • Make sure that all of your contact information is kept up to date.

Change your password! Make it long and strong

Cyber Smart Week - Change Password - Newsletter Banner

Here at Trade Me we’ve signed up as an official partner of Cyber Smart Week, because your online security is something we hope you take as seriously as we do.

To kick things off let’s start with the basics.

If there is one thing we would expect our members to know off the bat it’s that keeping your password safe is important.

Your password is the magic key to your Trade Me account, and if not safeguarded correctly it can cause you a bunch of trouble down the line.

We won’t pretend that most of us don’t reuse passwords. We all know we shouldn’t, but it can be hard to keep track of everything and you should never write them down anywhere.

We’ve written in detail before about what you should be doing, as we all know what can happen when things go wrong, but at the bare minimum your Trade Me password should be different than your email password.

Scammers are clever.

They really are.

In August this year 711 million email addresses were publically released in the Onliner Spambot credentials dump – the largest dump to date. To put this into perspective if every one of these email addresses belonged to a different person then just over 9% of the world would have had theirs compromised.

While we can’t be sure where the list came from, we can be sure that since its release it has been used to target Trade Me members and other NZ companies.

Having a “” in your email address immediately identifies you as in NZ, and as we have over 4 million people on the site scammers are smart enough to use this to their advantage.

Using these email addresses scammers can contact you pretending to be Trade Me and sometimes it can look really, really good.

A lot of our members are educated enough about online security to know that the emails aren’t genuine, but it’s easy to click on something that looks friendly:


The above is a perfect example of this.

Clicking on that link would take you through to a page that looks like Trade Me, and would ask for your login information.

Maybe you’re tired, rushing, over-caffeinated, or trusting, but you don’t think anything of plugging your email and password in.

If the password for your email address is the same as the password for your Trade Me account the scammers now have access to it.

From here, your email can be used it to reset other passwords while also locking you out, attempting to compromise your contacts, and just generally making life unpleasant. The clean-up really isn’t worth it.

Ultimately 'future you' is best using a bunch of different passwords, with each online account having its own unique one.

If you’re not keen to try and remember them all you can always use a password manager. This is a neat option that stores everything, and will be the only login details you’d need to remember off the top of your head.

Cyber Smart Week

Cyber Smart Week - 2FA - Cyber Bot - Newsletter Banner

We are excited to be an official partner of Cyber Smart Week.

Cyber Smart Week is organised by CERT NZ and Connect Smart who have put together some great advice on how to keep yourself safe online.

If you’re short on time, they have put together a great 30 sec video to get you started.

Cyber Smart Week is happening around New Zealand from 27 November to 1 December and it’s all about doing one thing that can make a big difference.

Fortunately, keeping your data secure is much easier than you’d think.

The important thing is to take that first step, and when each step is a matter of a few clicks, it’s a no-brainer.  

It’s easy!

Doing just one of these things will help keep your data safe. Doing more than one will help even more!

  • Change your password make your passwords long and strong, and have a unique password for each online account.

  • Turn on two-factor authentication (2FA) – two-factor authentication is like having a second lock for your door. It's often a password, and something else, like a code.

  • Check your privacy settings – set your privacy settings so you know exactly who can see what you post on social media.

  • Update your operating system (OS) – keeping your OS up to date is a really good way to defend against bugs and viruses.

Get Cyber Smart this week

During Cyber Smart Week we want as many people as possible to do one thing to protect themselves. The Cyber Smart website has all the tips you need to get your family or workmates on board.

Check out our posts on making passwords long and strong and using 2 factor authentication.