• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

AutoTrader.com Fraud Alert for Dealers

Jeff Kershner

May 1, 2005
First Name
Dear AutoTrader.com Dealer Customer:

AutoTrader.com takes fraud very seriously and we want to alert you to fraudulent activities as soon as possible. It has come to our attention that a small percentage of our dealer customers, including your dealership, may have received one or more fraudulent email leads. If you received or receive emails or faxes from the following alias, or that read like below, please be aware it is not legitimate.

Comments vary but generally contain:
Is still valid?
I want this car..Is it still available?
Is the clear title?
Is your vehicle still available. If so I am very interested

Email domains:

Names vary but generally contain:
FirstnameMiLastname in sentence case.

What's next?
If you have not responded, please do not reply back to emails from these addresses. If you have already responded to the email lead, be aware that you may receive a fraudulent or “phishing†email over the next few weeks. Once scammers obtain your email address, they may contact you in what appears to be a message from AutoTrader.com asking you for personal information such as a log-in and password.

How do I determine if an email lead is fake or fraudulent?
In this situation, there's no way for you to distinguish between a legitimate lead and a fake one. Fake email leads are a rare occurrence so the vast majority, if not all, of your leads are from actual car shoppers. Your dealership should continue to handle and respond to email leads per your usual process. Just heighten your awareness to potential phishing scams that ask you to reply with personal information.

As an important reminder, AutoTrader.com will NEVER ask you via email for your log-in, password or other personal information. If you receive an email asking you to access a website and enter such information, please ignore the email.

While these fraudulent activities are beyond our control, we are continuing to identify suspicious activity and taking action to protect your best interests. This is the time of year when fraudsters typically escalate their efforts and we encourage you to be particularly cautious. If you have any questions or suspect that an email you've received is fraudulent, please contact AutoTrader.com Dealer Support immediately at 1-800-353-9350.

Thank you,

Mike Winn
Vice President, Customer Operations


What is it? Phishing is a type of deception designed to steal your valuable or personal data such as passwords, account data or other information.

Who sends it? Fraudulent email messages appear to come from websites you trust but are really from con artists seeking your personal information.

How do I identify it? This is very tricky. Phishing emails and websites have become very sophisticated - often looking very similar to legitimate Web sites.

Be sure to monitor the actual web address that you are accessing. The link you are urged to click may have all or part of the real company's name in it.

The main thing phishing email messages have in common is that they ask for personal data or direct you to web sites or phone numbers to call where they ask you to provide personal data - such as your username and password - that the legitimate organization already has.

Here are a few phrases to look for if you think an email is a phishing scam:
"Verify your account." Businesses should not ask you via email to send passwords, log in names, Social Security numbers or other personal information.

"If you don't respond, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

"Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
Learn more about DrivenData