How can you recognise phishing on second-hand platforms?

As a buyer

The risk of falling victim to phishing as a buyer is high, especially on Marketplace (Source: Safeonweb). Second-hand platforms such as Vinted and 2ehands offer secure payment methods via Bancontact or Payconiq in the application or chat. So you don't need to exchange your bank details. This is not the case on Marketplace, so payments are mainly made by bank transfer or QR payment code. And this is often where the risk of phishing lies.

If you receive a payment link in which you have to enter your bank details or even your passwords, you can be sure that it is not secure. If this is the case, it is most likely a scam or fraud. This is how cybercriminals try to steal your bank details.

As a seller

If you want to sell something online, a so-called buyer may offer to have the item collected by a third party. You will then receive a web link from a - seemingly - reliable organisation (Bpost, PostNL...), where you will need to enter your bank or credit card details in order to receive payment.

In many cases, you will then receive a second message asking you to make a payment to validate the order. This amount is supposed to be refunded to you once the item sold has been delivered to the buyer*. This is undoubtedly a phishing attempt because

• You are asked to provide your payment details (bank account number, password or PIN code). The only data the buyer may need is your IBAN number.
• You receive a payment link, when you should be receiving money. After all, if you need to receive money, you create and share the payment request.

How can I buy or sell something safely on Marketplace? Check out these golden rules for secure online payments.

Sources:
Safeonweb (https://safeonweb.be/en/blog/beware-when-using-marketplace)
Facebook (https://www.facebook.com/help/1156544111079919)