Online Safety

Recognising Phishing and Spoof Attempts

In order to protect the security of your account, it’s important to be able to recognize phishing attempts and spoof sites. Phishing is a term used when fraudsters try to gain access to personal account logins. Spoofs are websites or emails that attempt to mimic a particular company in order to trick users into providing their information. Most phishing attempts come in the form of spoof sites or emails.

  • Spotting a Phishing Attempt
    Fraudsters go to great lengths to mimic real companies. They can use logos, similar email addresses, and even the names of employees to appear more realistic. Learning to spot phishing attempts comes down to recognising when you are dealing with the true organization, and when it may be a spoof. Here a few key signs to watch out for:
  • Alarmist statements
    In an attempt to get users to act quickly, fraudsters often start messages with urgent claims such as ‘Your Account has been disabled. Change your password now to regain access or it will be deleted.’ These can also be positive statements, such as ‘You’ve qualified for a discount! Confirm your account information now to receive free features!’
  • Asking for confidential Information
    In order to gain access to your accounts, fraudsters ask for passwords, bank accounts, or credit card information. Our team will never request this type of personal account information over email. We will also never send password reset emails unless you’ve specifically requested one through the ‘Forgot your password?’ button on the ADLOT login page.
  • Bad Spelling and Grammar
    Many phishing attempts come from overseas, and often use odd phrasing, incorrect spelling or bad grammar.
  • Suspicious Email Addresses
    Legitimate ADLOT email will be from email address only.
  • Spotting a Spoof Site
    Whenever you are asked to enter in your password, double check the URL of the page. It should read as If you don’t see the S in https:// or if there is anything between and the first forward slash (Ex., don’t click. Many browsers also have a secure connection symbol that will appear next to the URL as a small lock icon. When asked to use a link within an email you can hover over it before clicking to see the true URL. Depending on what browser or email application you’re using, you may see this at the bottom of your window, or as a pop up next to your curser. If it looks suspicious, don’t click.
  • What to Do
    If you receive a phishing attempt, don’t open any links, download any attachments, or provide any of your information. Report this attempt to our customer service team. When you report this please include a copy of the email, a screen shot of the site and the spoof site URL. If escalated to our Customer Service Team we will forward this information to our specialized team to have the site shut down. We will then forward the information you provide to our specialized teams to have the spoof site shut down.

What Information Can Be Seen When I Post?

In this day and age, privacy is on everyone’s mind. Gumtree protects your privacy by giving you complete control over what information other users can see. Below, we’ll explain how to work with the security measures that ADLOT has in place to keep you safe.

  • Emails and Phone Numbers
    By default, ADLOT hide your email and phone number by providing a message box so customers can contact you. It can be tempting to include contact information in the body of your ad to speed up communication. However, by putting this information in the description you’re side-stepping the protections we’ve put in place to protect your information. This can increase the chance that you’ll be contacted by those who would otherwise not be able to get around our security measures.
  • Name
    The name in your username is the name that will appear on your ads. It’s safest to use a unique username and not your name as username.
  • Address
    When you post an ad on ADLOT, you can select a country and input your address.If you don’t want other users to see your address, you can always leave the address option empty. Giving out your street address shouldn’t be necessary in most cases. We recommend meeting at a safe third-party location whenever possible. If you are selling something that cannot be easily moved, it’s best to only provide your address once you’ve agreed to make the deal or arranged an inspection. Posting your address in the ad description is not recommended.

Suspicious Emails

In an increasingly online world, it can be hard to know what’s suspicious and what’s not. But there’s no need to be afraid of buying online. Once you know what to look for, scams are often easy to spot. There are two basic types of email scams that it’s important to be able to recognise.

  • Phishing Emails
    Phishing is when fraudsters pretend to be a legitimate person or company to gain access to your information. They are usually looking to get your account login details, financial information, or identification. To learn to identify phishing attempts, read Recognising Phishing and Spoof Attempts. If you receive a phishing attempt, don’t open any links, download any attachments, or provide any of your information. Contact our customer support team right away to let us know. We will ask you to forward us the email, or a screenshot if it was a pop up on web or mobile. After sending this information to us, delete the email.
  • Money Scams
    Money scams are when fraudsters attempt to convince others to send them money, often in return for something that doesn’t actually exist. This is the most traditional type of scam. Many assume that only buyers are vulnerable to these types of scams, but there are some versions that target sellers. Although they can come in many forms, they have similar warning signs:
  • They Move the Conversation to a New Platform
    ADLOT has specific security measures in place to try and prevent scam. To avoid these systems, fraudsters will often request that you leave ADLOT and contact them through a private platform be cautious.
  • They Can’t Meet In Person
    Fraudsters will often work remotely. This is partly because they need to cast a wide net to make money and partly for their own safety. They may have an elaborate excuse that makes them sound legitimate. Some common stories are that they work in an offshore oil rig, that they’re a member of the military, or that they’re buying a special present for a family member from overseas. If a buyer or seller refuses to meet in person, it may be best to move on.
  • Odd Payment Requests
    Since fraudsters don’t usually meet in person, they need the money digitally. They may ask that you send them money through a method with no guarantees. Favourites include MoneyGram, Western Union, and other types of money transfer. They may also request payment through PayPal but insist that you use the Friends & Family setting so that you are offered less protection. They can even create fake PayPal emails. For more information on making safe payments, read our Safe Payments article.
    • Scams aimed at buyers are generally simple, but there are two types:
      – They ask you to pay for the item before you meet up.
      – They ask for a deposit for an item you haven’t seen.
    • There are 3 main types of scams aimed ast sellers:
      – They insist that you ship the item to them before payment.
      – They send you a payment notification or receipt and ask you to transfer some funds back to them before the full payment comes through.
      – They send you a fake payment notification or receipt, then ask you to transfer some of that money to a shipping company. Not only do they tell you which company to use, but also which account number.

If have reason to suspect that an ad is a scam, don’t proceed any further with the transaction and reach out to our Customer Support team to let us know.

Received an Email About an Ad I Didn’t Post

Whenever an ad is posted on your account, we’ll send an email to your account’s Primary email address to let you know. If you unexpectedly receive an email from ADLOT confirming that you just posted an ad, but you did not actually post the ad, then someone else may have gained access to your account. Fraudsters will sometimes take over genuine seller’s accounts to attempt to defraud the community.

If someone has gained access to your ADLOT account, contact our customer support team and provide the Ad ID numbers of the falsely posted ads. A member of our team will then be able to reset your account and walk you through the process of regaining control.

  • How Fraudsters Gain Access to An Account
    ADLOT accounts are most often accessed through a method called phishing. Phishing is a process where fraudsters send others fake emails that look like they are from ADLOT. They may also appear as pop-up ads. They will then ask you to sign in via a fake ADLOT site, or request that you tell them your password. Once you’ve entered your email and password, they can use these details on the real ADLOT site to access your account.

Note: ADLOT customer support will never ask for your password. If you receive an email asking for your account password, this is a phishing attempt.

To ensure that you do not fall for phishing attacks, learn to recognise phishing emails and always make sure that you’re logging in to the real ADLOT site. When you login to ADLOT the address in your web browser should look like this: