Bazaraki Phishing – Fake Account Verification Scam

Posted byAnti-phishing Leave a comment on Bazaraki Phishing – Fake Account Verification Scam

This screenshot shows a phishing page impersonating Bazaraki, a major classifieds platform in Cyprus. The page uses a fake account restriction notice to pressure victims into providing personal and financial information.

Threat Analysis: Bazaraki Phishing – Fake Account Verification Scam

How it works:
The victim receives a message claiming their Bazaraki account has been restricted and requires identity verification within 24 hours. The page includes a checkbox to agree to terms and a “Verify” button. A fake live chat window appears, with a supposed support assistant explaining that the user must verify their account to receive funds or customer orders.

Clicking the “Verify” button leads to a subsequent page (not fully shown) that likely asks for:

  • Full name and contact details
  • Credit/debit card information (card number, expiry, CVV)
  • Online banking credentials
  • Personal identification documents

The goal:
The attacker aims to steal:

  • Login credentials for the victim’s Bazaraki account
  • Payment card details for fraudulent transactions
  • Personal identity information for further scams or identity theft

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not the official Bazaraki domain (bazaraki.com).
  • Threat of account restriction with a 24‑hour deadline: This is a classic fear tactic to rush victims into action without thinking.
  • Fake live chat support: The chat window is not a real help desk – it is a scripted message designed to make the page appear legitimate. A real support chat would not initiate contact with a pre‑written explanation about “the first stage of receiving funds”.
  • Request to “verify” before any details are entered: The current page only asks for a checkbox agreement, but the next page (after clicking “Verify”) will harvest sensitive data.
  • Unsolicited verification request: Bazaraki does not send links requiring users to verify their identity via external pages. All account-related actions are done within the official website after logging in normally.

What to do if you encounter this:

  • Do not click the “Verify” button or check the checkbox.
  • Do not interact with the fake chat or provide any information on subsequent pages.
  • If you are a Bazaraki user, always log in by typing bazaraki.com directly into your browser. Check your account status from the official dashboard.
  • If you have already clicked through and entered personal or card details, contact your bank immediately and change your Bazaraki password.
  • Report the phishing page to Bazaraki’s security team.

Protective measures:

  • Never click links in unsolicited messages claiming your account is restricted or needs verification.
  • Always type the official website URL directly into your browser.
  • Never trust a pop‑up support chat on a page you reached via a link – legitimate support chats appear only on official sites after you navigate there yourself.
  • Enable two‑factor authentication on your Bazaraki account and email.
  • Check the URL carefully – look for misspellings, extra words, or unusual top‑level domains.

Leave a comment

Your email address will not be published. Required fields are marked *