How to Protect Your KIT Account

In order to protect the security of your account, it’s important to be able to recognize phishing attempts and spoof sites. Phishing is a term used when fraudulent individuals try to gain access to personal account details in order to commit fraud. Spoofs are websites or emails that attempt to mimic a particular company in order to trick users into providing their information. Most phishing attempts come in the form of spoof sites or emails.

Fraudsters go to great lengths to mimic real companies. They can use logos, similar email addresses and even the names of employees to appear more realistic. Learning to spot phishing attempts comes down to recognizing when you are dealing with the true organization, and when it may be a spoof. Here a few key signs to watch out for:

Alarmist statements

In an attempt to get users to act quickly, fraudsters often start messages with urgent claims such as “Your Account has been disabled. Change your password now to regain access or it will be deleted.” These can also be positive statements, such as “You’ve qualified for a discount! Confirm your account information now to receive free features!”

Asking for confidential Information

In order to gain access to your accounts, fraudsters ask for passwords, bank account or credit card information. Please note that our teams will never request this type of personal account information over email. We will also never send password reset emails unless you’ve specifically requested one through the “Forgot your Password?” button on the KIT login page.

Bad Spelling and Grammar

Many phishing attempts come from overseas, and often use odd phrasing, incorrect spelling or bad grammar.

Suspicious Email Addresses

Legitimate Kijiji emails will come from @marketing.kijiji.ca, @kijiji.ca, @kijijileads.com or @cargigi.com email addresses. Don’t be fooled by emails such as kijijisupport@hotmail.com or security@kijiji.support.ca

Spotting a Spoof Site

Whenever you are asked to enter in your password, double check the URL of the page. It should begin with https://www.kijiji.ca/ if accessing Kijiji or https://kit.kijiji.ca/ if logging into KIT. If you don’t see the S in https:// or if there is anything between kijiji.ca and the first forward slash (Ex. Kijiji.ca.spoof.com/), don’t click! Many browsers also have a secure connection symbol that will appear next to the URL as a small lock icon. Here’s what a secure URL looks like in the Chrome browser:

When asked to use a link within an email you can hover over it before clicking to see the true URL. Depending on what browser or email application you’re using, you may see this at the bottom of your window, or as a pop up next to your curser. If it looks suspicious, don’t click.

If you receive an email that you’re unsure of or you see unusual activity on your account, please contact our support team for more information.