To kick things off let’s start with the basics.
If there is one thing we would expect our members to know off the bat it’s that keeping your password safe is important.
Your password is the magic key to your Trade Me account, and if not safeguarded correctly it can cause you a bunch of trouble down the line.
We won’t pretend that most of us don’t reuse passwords. We all know we shouldn’t, but it can be hard to keep track of everything and you should never write them down anywhere.
We’ve written in detail before about what you should be doing, as we all know what can happen when things go wrong, but at the bare minimum your Trade Me password should be different from your email password.
Scammers are clever.
They really are.
In August this year, 711 million email addresses were publicly released in the Onliner Spambot credentials dump – the largest dump to date. To put this into perspective, if every one of these email addresses belonged to a different person, then just over 9% of the world would have had theirs compromised.
While we can’t be sure where the list came from, we can be sure that since its release it has been used to target Trade Me members and other NZ companies.
Having a “.co.nz” in your email address immediately identifies you as being in NZ, and as we have over 4 million people on the site, scammers are smart enough to use this to their advantage.
Using these email addresses, scammers can contact you pretending to be Trade Me, and sometimes it can look really, really good.
A lot of our members are educated enough about online security to know that the emails aren’t genuine, but it’s easy to click on something that looks friendly:
The above is a perfect example of this.
Clicking on that link would take you through to a page that looks like Trade Me, and would ask for your login information.
Maybe you’re tired, rushing, over-caffeinated, or trusting, but you don’t think anything of plugging your email and password in.
If the password for your email address is the same as the password for your Trade Me account, the scammers now have access to your email as well.
From here, your email can be used to reset other passwords, lock you out, attempt to compromise your contacts, and just generally make life unpleasant. The clean-up really isn’t worth it.
Ultimately 'future you' is best off using a bunch of different passwords, with each online account having its own unique one.
If you’re not keen to try and remember them all, you can always use a password manager. This is a neat option that stores everything, and its login will be the only details you’d need to remember off the top of your head.