Gumtree account locked phishing email states

Gumtree account locked phishing email states

The latest round of phishing emails targeting Gumtree account users tell the recipient, in effect, that their account has been locked. The email is a fake, and can be deleted.

For those readers who may not have heard of Gumtree, it was originally a site put together for the benefit of Australians, New Zealanders and South Africans living in England. The idea behind it was assist in finding jobs, accommodation and other information. Gumtree has been owned by eBay since 2005.

Figure A shows the email in question. It is a fairly basic type of phishing email. The picture that the criminals originally added to the email was broken in all the email versions we received. The email does not use a salutation. Subject of the email is shown as “Dear Gumtree Member”, whilst the sender is listed as “support”.

MailShark Gumtree account locked phishing email states
Figure A – Click to Enlarge

The email opens by stating that “For security purposes, your online account has been locked.” The email goes on to provide a link that will allow the recipient to “restore” their account. There is a simple copyright statement located on the bottom right corner of the email. This particular email has been hitting our email filters over the last week, with varying levels of intensity.

This email is quite a simple phishing email. The lack of a brand logo that can survive propagation through the internet is a notable fail on the part of the criminals. Aside from that particular issue, the sole link contained in the email does not lead back to a Gumtree site or an affiliated site. Instead it leads to a phishing site. The phishing site is designed to harvest details such as login credentials and credit card details.

Despite the simplicity of this email, it may still catch some users unaware, particularly if they are accessing email via a mobile device. As we stated earlier, phishing can be surprisingly effective, especially given the large volumes that criminals typically send out in a phishing campaign. Even a 1% hit rate can be high if criminals send out 100,000 emails.

If you do receive this email delete it.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment