Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicScam on trademe: how can
eraser2

11 posts

Geek


#306762 19-Aug-2023 00:07
Send private message

Hi guys

 

A new account on trademe just buy my cot that I did not put image on yet. Then I start to have this nice email that payment been done and redirect me to this website : https://9qr.de/rMcgda that then redirect me to https://trademe.paymenters.ink/209217097 

 

The thing is that: I cannot WHOIS this domain. How is it possible ? 

 

 

 

Next step: should I bother to report to NetSafe ? 

 

I need to claim back from trademe for sure ... 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
jarledb
Webhead
3257 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3117889 19-Aug-2023 01:58
Send private message

It is possible to whois the domain paymenters.ink. Here is one whois for it

 

Not much to get out of that though, all information about the registrant is hidden, and the site is behind Cloudflare.

 

Probably not a bad idea to report it to Trademe and to NetSafe.




Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.



Goosey
2830 posts

Uber Geek

Subscriber

  #3117903 19-Aug-2023 09:05
Send private message


you say you got an email ?  Was the listing buy now used or are you saying you got a seperate email.

 

  • report to trade me in the first instance

 

 

 

sqishy
470 posts

Ultimate Geek


  #3117948 19-Aug-2023 12:15
Send private message

I would report here...plus let Trademe know.



MarkM536
309 posts

Ultimate Geek


  #3117975 19-Aug-2023 15:59
Send private message

Same scam tried targeting me a month ago.

 

Report it to TradeMe and you will get a success fee refund.

 

 

 

The scam is to try and impersonate TradeMe with receiving payment from the seller. It asks which bank you are with, then asks you to login with your bank user/pass.

 

I went through the link via Tor browser.... the 'live chat' thing popped up and said "trademe staff: why do you use russian ip?", I burst out laughing LOL.

 

Bung
6480 posts

Uber Geek

Subscriber

  #3117990 19-Aug-2023 17:04
Send private message

MarkM536:

Same scam tried targeting me a month ago.


Report it to TradeMe and you will get a success fee refund.




As far as TradeMe are concerned has anything happened? The scammers bypassing the system shouldn't end the auction.

RunningMan
8955 posts

Uber Geek


  #3117992 19-Aug-2023 17:06
Send private message

Yes, a scammer clicked the buy now. The account will need to be closed by TM and the success fee refunded.

MarkM536
309 posts

Ultimate Geek


  #3118007 19-Aug-2023 18:00
Send private message

Bung:

As far as TradeMe are concerned has anything happened? The scammers bypassing the system shouldn't end the auction.

 

The scammer just clicked 'Buy now' on my auction.

 

TradeMe auto email sent, then a few minutes later their fraudulent email sent. TradeMe gives the seller's (me) email address and name on winning the auction, it would be easy for the scammers to make an automated web scraper to compile this information into an email.

 

 

 

Scam account was 1 month old and had zero feedback. First feedback was a negative from me, then another person. 

 

Two negative feedbacks within 2 hours seems to be the magic number, TradeMe disabled the seller account. I don't know if this was automatic or the nightshift staff at TradeMe seeing it flagged.

 

The following morning I had a standard email saying I had a success fee refund. Next email 1 hour later was warning this buyer was fraudulent. A few hours later I had a reply to my email about this being a scam.

 

 

 

On TradeMe community forums there is a lot more posts about this happening....

 

Even members with 1k+ positive feedback are the scam buyers. So my guess is the scammer(s) behind this are using password data breaches or cookie authentication token scanning malware to compromise these TradeMe accounts.

 

 

 

Which leaves TradeMe with a difficult solution of how to manage these scams.

 

My ideas:

 

Buying/bidding timing:

 

  • A new user can only buy a maximum of 2 items within 30 minutes. They need to wait 24 hours before they can purchase again. Shortening this period by receiving positive feedback would likely get abused by two scammer accounts buying off each other.
  • Buying more than 5 auctions within 24 hours prompts for the user to verify their password.
  • Detecting buyers who tend to buy or bid without adding to their watchlist at least 10min prior. An automatic block if this is done multiple times within 15 minutes.

Login/location:

 

  • Browser auth cookie tokens change on each login, IP change and purchase.
  • TradeMe systems work out if you are at your home based on your IP geolocation is close by or the nearest exchange. This IP geolocation and using your web browsers info on your device to workout if it's not the same device within your network. TradeMe already knows your address when you make an account or add shipping information.
  • TradeMe takes note of your phone's carrier when you access via 4G/5G with the IP address and prompt to login again if the carrier changes (people don't change phone carriers often!).

Account information by the scam buyer/seller:

 

  • Use TradeMe property to check if the new account's shipping address is a house which is for sale or rent.
  • Check if the phone number is actually a New Zealand carrier or a VOIP.

Maybe a Geek on here also works for TradeMe 😄.

 
 
 
 

Shop now on AliExpress (affiliate link).
eraser2

11 posts

Geek


  #3118023 19-Aug-2023 20:43
Send private message

Goosey:

 


you say you got an email ?  Was the listing buy now used or are you saying you got a seperate email.

 

 

 

 

Yup my listing have a Buy Now option. So the bot/scammer trigger the Buy Now. The rest is pretty much explained by MarkM536 above

 

Re idea how to block this : I don't think using IP location will work as some people use proxy or Tor, which then bounce all over the place.

 

May be have a requirement of $2 in the account before one can buy stuff on TradeMe. $2 is nothing a genuine user. $2 per account closed because you were detected as scammer: that will probably make it way less attractive to scammer ??

 

 

MarkM536
309 posts

Ultimate Geek


  #3118031 19-Aug-2023 22:13
Send private message

eraser2:

 

Re idea how to block this : I don't think using IP location will work as some people use proxy or Tor, which then bounce all over the place.

 

May be have a requirement of $2 in the account before one can buy stuff on TradeMe. $2 is nothing a genuine user. $2 per account closed because you were detected as scammer: that will probably make it way less attractive to scammer ??

 

 

Yes... $2 in the TradeMe balance would be a good way to weed out scammeras.

 

That means credit card payments and bank transfers are traceable.

 

 

 

Why didn't I think of that simple thing.... :/

RunningMan
8955 posts

Uber Geek


  #3118056 20-Aug-2023 09:05
Send private message

eraser2:

 

May be have a requirement of $2 in the account before one can buy stuff on TradeMe. 

 

 

They already do. It's called Authenticated Member, but as the seller you need to enable it for your auction when starting the listing. Tick the only enable bids from Authenticated Members checkbox.

 

To be Authenticated you either need to top up the account $1 or use buy now on an auction and pay with Ping. Either way they get a credit card number to track.

 

https://help.trademe.co.nz/hc/en-us/articles/360007263251-Authenticating-your-account 

FineWine
2981 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #3118116 20-Aug-2023 10:52
Send private message

MarkM536:

 

Same scam tried targeting me a month ago.

 

Report it to TradeMe and you will get a success fee refund.

 

The scam is to try and impersonate TradeMe with receiving payment from the seller. It asks which bank you are with, then asks you to login with your bank user/pass.

 

I went through the link via Tor browser.... the 'live chat' thing popped up and said "trademe staff: why do you use russian ip?", I burst out laughing LOL.

 

 

Yep, grammar trips the scammers up all the time. The sentenance should read:

 

Mark M. We are thrilled to inform you that an interested buyer has expressed interest in your product listed on our website. The buyer is eager to purchase it. We thank you for posting your item and urge you to confirm the sale to completely conclude this transaction.




Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

RunningMan
8955 posts

Uber Geek


  #3118120 20-Aug-2023 11:20
Send private message

FineWine: [snip]

 

Yep, grammar trips the scammers up all the time. The sentenance sentence should read:

 

 

So does the spelling 😂

Rikkitic
Awrrr
18660 posts

Uber Geek

Lifetime subscriber

  #3118170 20-Aug-2023 11:48
Send private message

Also weird phrasing. A romance scam might be 'thrilled' to offer you a match, but Trade Me is highly unlikely to stick something like that in a boiler plate.

 

 




Plesse igmore amd axxept applogies in adbance fir anu typos

 


 

frankv
5680 posts

Uber Geek

Lifetime subscriber

  #3118242 20-Aug-2023 15:08
Send private message

FineWine:

 

The sentenance [sic] should read:

 

...

 

 

Please edit/delete your post. We do not want scammers to be educated in proper English, and we certainly don't want to provide them with a template.

 

 

MarkM536
309 posts

Ultimate Geek


  #3118342 20-Aug-2023 23:55
Send private message

From the screen recording I did when I got the scam email. I just edited it down this evening.

 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright