Yad2 phishing page in Hebrew detected

Posted byAnti-phishing Leave a comment on Yad2 phishing page in Hebrew detected

This is a two-step classified ads/phishing scam targeting users in Israel, impersonating the popular Israeli classified platform Yad2. The scam is designed to steal credit card details from sellers by creating a fake “payment received” notification.

Yad2 Classifieds Phishing – Fake “Payment Received” & Card Harvesting (Israeli Variant)

This phishing campaign impersonates Yad2, a leading classified advertisements platform in Israel. The scam targets sellers by creating a fake transaction confirmation page and then requesting credit card details under the guise of “receiving funds” for a sold item.

How it works:
A seller receives a message—likely via the Yad2 messaging system, SMS, or other chat app—from a potential buyer claiming to have paid for the item. The message includes a link to a phishing page that mimics Yad2’s payment interface.

Step 1 – Fake Payment Confirmation Page
The first page displays:

  • The Yad2 logo and branding
  • A specific item (in this case, a product listed at 490 ILS, Israeli shekels)
  • Fabricated buyer details, including a name and an address in Haifa
  • A fake reference or tracking number
  • A button designed to make the seller believe they can “receive” or “claim” the payment

The page is designed to look like an official Yad2 payment confirmation, creating the impression that the buyer has already paid and the funds are waiting.

Step 2 – Credit Card Harvesting Page
After clicking the button, the seller is taken to a second page that requests:

  • Full credit card number
  • Expiration date (month and year)
  • CVC security code

This page also displays the transaction amount (490 ILS) and a reference number to maintain the illusion of a legitimate payment process.

The goal:
The attacker steals the seller’s credit card details. There is no actual buyer or payment—the entire transaction is fabricated. Once the seller submits their card information, the attacker can make unauthorized purchases or sell the data.

Red flags to watch for (without quoting specific text):

  • Illogical request for card details: A seller receiving money should never be asked to enter their credit card information. Receiving funds requires providing bank account details (such as IBAN) or linking a payout method like PayPal—not entering a full card number, expiry date, and CVC.
  • Suspicious URL: The pages are hosted on a domain that is not yad2.co.il. Always check the address bar before entering any information.
  • Fake buyer details: The scam includes plausible but unverifiable buyer information (name, address) to make the transaction seem real. On legitimate Yad2 transactions, payment details and buyer information are handled through the platform’s official system, not displayed on a third-party page.
  • No login required: A legitimate sale on Yad2 would appear in the seller’s account dashboard after logging in. This scam bypasses that entirely, asking for card details without any account authentication.
  • Generic payment form: The second page lacks integration with Yad2’s actual payment providers (such as credit card gateways or PayPal) and does not display the security indicators expected from a legitimate checkout page.

What to do if you encounter this:

  • Do not click any buttons claiming payment is ready.
  • Do not enter your credit card number, expiry date, or CVC on such pages.
  • If you are selling on Yad2, always log into your account directly (by typing yad2.co.il into your browser) to check for real sales and payment status.
  • Never trust links sent by buyers claiming they have paid—legitimate buyers use the platform’s official payment or communication channels.
  • If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Yad2’s support team so they can take action to protect other users.

Why this scam is effective:
Yad2 is one of Israel’s most widely used platforms for buying and selling second-hand goods. Sellers are accustomed to receiving messages from buyers and may not suspect a link that appears to show a legitimate-looking payment confirmation. The use of Hebrew text, local addresses, and shekel amounts makes the scam culturally and contextually convincing. The relatively modest amount (490 ILS) is realistic for a typical second-hand item, reducing suspicion.

Protective measures:

  • Always verify any sale by logging directly into your Yad2 account—never through a link sent in a message.
  • Never enter credit card details to receive payment. Payment to sellers is typically handled through bank transfer, cash on pickup, or platform-integrated payment methods that do not require re-entering card details for each transaction.
  • Be suspicious of any message that creates urgency or claims payment is already “waiting” but requires you to click an external link.
  • Enable two-factor authentication (2FA) on your email and any linked payment accounts.
  • If a buyer sends you a link to “claim” payment, treat it as a red flag and verify directly through the platform’s official app or website.

Leave a comment

Your email address will not be published. Required fields are marked *