Latest fraud advice
Text Message Fraud: carsguide.com.au encourages you to take precautionary measures when responding to possible buyers and any text message requests for personal details such as email. We encourage you to not respond via email to interested parties as this is a common fraud practice. Please Note: carsguide.com.au will not contact you via SMS at any stage other than during step one of creating your car advertisement. This text will only ever include a verify code to enter during step one of uploading your car details. carsguide.com.au will never request you to do this more than once. Check out these examples.
carsguide Solutions or Secure carsguide or cars guide Support: carsguide.com.au is NOT associated with and does not recommend that buyers/sellers utilise ANY 3rd party websites that are not directly linked from carsguide.com.au. We urge users to take caution when communicating with sellers and look out for any potential scammers. In particular, carsguide.com.au is not associated with any payment services such as PayProtect, which is not available on the carsguide platform. If someone asks you to send money via PayProtect or a 3rd party platform you should contact us immediately.
Money to post advertisements - carsguide has become aware that scammers have started offering people money to post multiple Ads on the site. If you have responded to a job offer like this recently please contact us using the below form. Any abuse of the website will be reported to the police.
Responsible Disclosure Program
At Carsguide we take user safety seriously and strive to ensure a safe experience for you when you use our websites. When properly reported, we will quickly investigate all legitimate reports of security vulnerabilities and try to fix potential problems. We have adopted a responsible disclosure policy to encourage reports.
We recognize the important role that security researchers and our community play in keeping Carsguide and our customers secure. If you believe you've found a vulnerability, we would like to work with you to investigate it as quickly as possible. Please send us as much information as possible to help us better understand the nature and scope of the possible issue.
Responsible disclosure policy
In the event you discover a site or product vulnerability, please notify us using the guidelines below. In order to enable us to review your notification and respond to your report, we will require some time to review. Therefore, we kindly request you to give us reasonable time to revert before you make any information public regarding the vulnerability and make a good faith effort to avoid destruction of data and interruption or degradation of our service during your research. In the event we believe you are not acting in good faith, we reserve all rights to bring a lawsuit against you or ask law enforcement to investigate you.
Guidelines for responsible disclosure
- Share the site or product vulnerability with us without making it public.
- Report in a manner that safeguards the confidentiality of the report only through the following URL: https://app.zerocopter.com/en/rd/b39d79eb-19ab-4066-9201-f000d0e0c4be
- Allow us a reasonable amount of time (depending on the type of vulnerability or issue you report) to respond to the issue before disclosing it to others.
- Provide full details of the site or product vulnerability, including Proof-of-Concept URL, the details of the system where the tests were conducted and detailed reproduction steps.
- Once you have provided us with the information as described above, we will investigate the reported matter. As soon as we have a understanding/assessment of the vulnerability, we will determine what type of vulnerability it is.
- In case any vulnerability would constitute or lead to a personal data breach, as defined by applicable law, we will notify such personal data breach in accordance with the requirements under applicable law.
Do not engage in security research that involves:
- Potential or actual damage to users, systems, data or applications.
- Exploit a vulnerability further than necessary to establish its existence.
- Viewing other users’ data the corruption of data
- Conducting any activities that may disrupt our services.
- The use of port scans on our network blocks or executing DDoS attacks.
- Violating privacy policies, destroying data, interrupt or otherwise degrading Marktplaats.nl systems or the systems of our affiliates during your research.
Reporting a security vulnerability
If you believe you have discovered a site or product vulnerability in a Carsguide hosted website, please send a report with a thorough explanation of the vulnerability via Zerocopter using the link below.
https://app.zerocopter.com/en/rd/b39d79eb-19ab-4066-9201-f000d0e0c4be
If you are attempting to report spam or abuse, please send an email to: support@carsguide.com.au
Security vulnerability bounty
To show our appreciation for our security researchers and community, we offer a monetary bounty for reporting certain qualifying security vulnerabilities to us. Here's how it works:
Eligibility
To qualify for a bounty, you must:
- Adhere to our responsible disclosure policy as outlined above;
- Give us a reasonable amount of time (depending on the type of vulnerability or issue you report) to respond to your report before making any information public and make a good faith effort to avoid destruction of data and interruption or degradation of our service during your research;
- Be the first person to report the vulnerability responsibly and fully (including steps to reproduce);
- Report a vulnerability that could compromise the integrity of Carsguide data.
- Act in good faith.
- Our security team will assess each vulnerability to determine if it qualifies.
Rewards
Certain site and product vulnerabilities that are being reported may lead to monetary rewards at’ Carsguide sole discretion.
We only reward the first reporter of a vulnerability. Public disclosure of the vulnerability prior to resolution may cancel a pending reward. We reserve the right to disqualify individuals from the program for disrespectful or disruptive behavior.
We will not negotiate the payout amount in response to duress or threats (e.g. withholding the vulnerability or threat of releasing the vulnerability or any exposed data to the public).
Exclusions
The following security vulnerabilities are NOT eligible for a bounty (and we do not recommend testing for these):
- Denial of Service Vulnerabilities( this includes any rate-limiting functionalities, multiple emails sending(mail bombing), brute forcing attempts)
- Spam, Phishing or Social Engineering techniques
- Brute force password cracking
- Use of outdated software / library versions
- "Advisory" or "Informational" reports that do not include any Carsguide specific testing or context
What can you expect from us?
- You can expect us to respond on your message within 5 business days.
- We will not pass on your personal details to third parties without your permission, unless it is necessary to comply with a legal obligation. You may report under a pseudonym or anonymously.
- We will keep you informed of the progress while resolving the issue.
- In the public information concerning the reported problem, we will give your name as the discoverer of the problem (unless you desire otherwise).
- We will handle your report with strict confidentiality and not pass on your personal details to third parties without permission.
- We only reward the first reporter of a vulnerability. Public disclosure of the vulnerability prior to resolution may cancel a pending reward. We reserve the right to disqualify individuals from the program for disrespectful or disruptive behavior.
- If users/individuals do not adhere to the above mentioned policies, we reserve the right to take appropriate (legal) measures and/or get law enforcement involved.
Set your budgetWork out how much you can afford to spend, and don't fo
On the whole, buying and selling a car online is an easy and safe proc
