Phishers target South Africa’s BidorBuy auction website

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

South African internet users should be on their guard as a wave of phishing emails have been spammed out pretending to be from the country’s largest internet auction website.

Emails intercepted by Sophos pretend to be from BidorBuy, and claim that the recipient’s account details have been stolen:

Bidorbuy phishing email

Attention! Your BidorBuy account was stolen!
This is a must to ensure that only you have access and use of your BidorBuy account and to ensure a safe BidorBuy experience.

Sign up to our free newsletter.
Security news, advice, and tips.

You can well understand that people might be alarmed if they receive a message saying their account has been stolen – imagining that someone else might be purchasing goods in an online auction using their details.

Clicking on the link, however, doesn’t take you to the real BidorBuy website but instead takes you to a phishing page set up on a Russian webserver.

It’s worth everybody remembering that phishing gangs and cybercriminals don’t just target users of multinational global brands such as eBay, PayPal and iTunes. They can also launch attacks targeted on local websites – hoping to make rich pickings if computer users aren’t wary enough.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.