Do PH send out texts about your classified add?
Discussion
Morning everybody,
Just a short note to warn you all about a WhatsApp scam I've been targeted with (following putting a car for sale advert' up on Pistonheads last Friday).
I received a suspicious WhatsApp message offering to buy the car unseen for the full asking price via PayPal (and containing some cock and bull story in Pigeon English about "buying a present for my husband"). The key phrase used was this:
"your asking price is quite reasonable and affordable considering others I've seen lately,"
Googling the above phrase led to this link:
https://www.consumer.ftc.gov/blog/2014/11/online-s...
If you publish your phone number in a Pistonheads ad', and have a WhatsApp account, you could get sent this too. Notably, all my genuine enquiries came through the Pistonheads messaging service, so I think it may be a good idea not to include your phone number in any ads'. I think the scammers must scrape the website for top level descriptions, prices and phone numbers (another suspicious thing about the message, apart from having content looking like it was transcript from a foreign call centre, was it asked for the mileage yet this is shown twice at the start of my advert' and the fourth photo' is of the odometer!)
Cheers.
Just a short note to warn you all about a WhatsApp scam I've been targeted with (following putting a car for sale advert' up on Pistonheads last Friday).
I received a suspicious WhatsApp message offering to buy the car unseen for the full asking price via PayPal (and containing some cock and bull story in Pigeon English about "buying a present for my husband"). The key phrase used was this:
"your asking price is quite reasonable and affordable considering others I've seen lately,"
Googling the above phrase led to this link:
https://www.consumer.ftc.gov/blog/2014/11/online-s...
If you publish your phone number in a Pistonheads ad', and have a WhatsApp account, you could get sent this too. Notably, all my genuine enquiries came through the Pistonheads messaging service, so I think it may be a good idea not to include your phone number in any ads'. I think the scammers must scrape the website for top level descriptions, prices and phone numbers (another suspicious thing about the message, apart from having content looking like it was transcript from a foreign call centre, was it asked for the mileage yet this is shown twice at the start of my advert' and the fourth photo' is of the odometer!)
Cheers.
Edmundo2 said:
I've just received the same What's app enquiry from "Suzanne"..
I've told her where to go.
TBH I hadn't noticed PH doesn't encrypt your phone number. I'll remove mine.
Thanks for the heads up..
Thanks for your positive feedback (earlier replies had started to make me regret starting the post but your comment makes it worthwhile - my faith is restored I've told her where to go.
TBH I hadn't noticed PH doesn't encrypt your phone number. I'll remove mine.
Thanks for the heads up..
)mikdys said:
Thanks for your positive feedback (earlier replies had started to make me regret starting the post but your comment makes it worthwhile - my faith is restored )
I didn't mention the name earlier, in case of the 0.0001% possibility it was genuine, but the name used was the same: Suzanne. )I'll bet the content was the same also. Here is the full message (verbatim as originally written):
"My name is Suzanne, I serve in the United Kingdom and currently stationed at Army Air Corps at Middle Wallop. I am okay with the condition Likewise your asking price is quite reasonable and affordable considering others I've seen lately,I'll have it for the listed price. I'm interested and consider it sold as am buying it for my husband as a surprise gift to our new Home we are planning on moving into and which i don't want him to know about until it is picked up. Do you accept PayPal? Any damages? How many miles on it? Are you the original owner and why are you selling? Do you have the logbook in hand?"
Thank you for sharing these, we'll be sending an email out to all private sellers shortly to make them aware.
We do not send WhatsApp or SMS text messages. If you receive a phishing message from someone pretending to be PistonHeads, please ignore it and do not click any links or respond.
We will only contact you by email from @pistonheads.com or @em.pistonheads.com and we will never ask you to log into your account by email.
If you do click a link in an email, always check for the padlock symbol on your browser and that the URL for the website is www.pistonheads.com.
If you are in any doubt, please contact us on 0808 178 3318 or at fraud@pistonheads.com. Lines are open 09:00-17:00 Monday to Friday.
We do not send WhatsApp or SMS text messages. If you receive a phishing message from someone pretending to be PistonHeads, please ignore it and do not click any links or respond.
We will only contact you by email from @pistonheads.com or @em.pistonheads.com and we will never ask you to log into your account by email.
If you do click a link in an email, always check for the padlock symbol on your browser and that the URL for the website is www.pistonheads.com.
If you are in any doubt, please contact us on 0808 178 3318 or at fraud@pistonheads.com. Lines are open 09:00-17:00 Monday to Friday.
Thank you for your interest.
I would like to suggest the "vulnerability" of my advert' initially was that my phone number was published by Pistonheads at the top of the advert's page, along with the description and price. These three items of data then became the scammer's reference in their communication to me. I doubt anybody, or any automation, looked at any further detail from the advert.
When an advert is submitted your site asks for a phone number and this is then published at the top of the advert'. This data field is optional but I think you should have a warning alongside the data field making it clear that this number will be published and could be a security risk if it relates to a smartphone.
The BMFA, where I have also placed ad's, warns about this risk (please see the attached image) and maybe you could consider a similar message?
Cheers.
I would like to suggest the "vulnerability" of my advert' initially was that my phone number was published by Pistonheads at the top of the advert's page, along with the description and price. These three items of data then became the scammer's reference in their communication to me. I doubt anybody, or any automation, looked at any further detail from the advert.
When an advert is submitted your site asks for a phone number and this is then published at the top of the advert'. This data field is optional but I think you should have a warning alongside the data field making it clear that this number will be published and could be a security risk if it relates to a smartphone.
The BMFA, where I have also placed ad's, warns about this risk (please see the attached image) and maybe you could consider a similar message?
Cheers.
I’ve got a car listed at the moment & got this text:
“Pistonheads: Lisa, emailed us regarding your listed car, Is it still up for sale? kindly send email via xxxxxxx@gmail.com with your firm price email only.
Reply "YES" to continue receiving updates.”
Is that genuinely from Pistonheads? Sounds kind of dodgy, I don’t like clicking on random links!
(I changed the email address incase it is genuine)
“Pistonheads: Lisa, emailed us regarding your listed car, Is it still up for sale? kindly send email via xxxxxxx@gmail.com with your firm price email only.
Reply "YES" to continue receiving updates.”
Is that genuinely from Pistonheads? Sounds kind of dodgy, I don’t like clicking on random links!
(I changed the email address incase it is genuine)
We do not send WhatsApp or SMS text messages. If you receive a phishing message from someone pretending to be PistonHeads, please ignore it and do not click any links or respond.
We will only contact you by email from @pistonheads.com or @em.pistonheads.com and we will never ask you to log into your account by email.
If you do click a link in an email, always check for the padlock symbol on your browser and that the URL for the website is www.pistonheads.com.
If you are in any doubt, please contact us on 0808 178 3318 or at fraud@pistonheads.com. Lines are open 09:00-17:00 Monday to Friday.
We will only contact you by email from @pistonheads.com or @em.pistonheads.com and we will never ask you to log into your account by email.
If you do click a link in an email, always check for the padlock symbol on your browser and that the URL for the website is www.pistonheads.com.
If you are in any doubt, please contact us on 0808 178 3318 or at fraud@pistonheads.com. Lines are open 09:00-17:00 Monday to Friday.
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff