The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.
Analysis Summary
# Main Topic
Widespread scams targeting users of the OfferUp mobile marketplace application, exploiting both buyers and sellers due to the platform's high transaction volume (over 30 million yearly).
## Key Points
- Scammers attempt to bypass OfferUp's native Purchase Protection by persuading users to transact via third-party apps (e.g., Zelle, Venmo).
- Various fraudulent schemes are noted, ranging from selling counterfeit goods to manipulating payment processes.
- A significant risk involves Account Takeover, where attackers solicit verification codes (often falsely claiming they are for listing verification) to get past two-factor authentication (2FA) and gain access to the account.
- Phishing attacks are common, utilizing links sent in messages ("click here to get paid") leading to sites designed to steal login and financial details.
- Some sellers advertise high-value items but ship only an empty box, or use stock photos, which suggests they do not possess the item.
## Threat Actors
- **Attribution:** Not explicitly attributed to any specific organized threat actor group; the threat appears to stem from opportunistic, individual fraudsters operating within the marketplace ecosystem.
- **Motivation:** Financial gain through theft (counterfeits, empty boxes), direct transfer fraud (deposits, bounced checks), or identity theft (account takeover).
## TTPs
- **Payment Manipulation:** Requesting transactions via external cash apps (Zelle, Venmo) to circumvent platform security.
- **Overpayment/Refund Schemes:** Sending bogus overpayments via stolen accounts/fake checks, then demanding a refund from the seller, resulting in the seller losing the item and the refund amount.
- **Account Takeover (ATO):** Social engineering users into relinquishing 2FA codes, often disguised as necessary verification steps for listings, using services like Google Voice as a means to receive the code.
- **Phishing:** Sending in-app messages containing malicious URLs designed to capture credentials or personal data.
- **Item Misrepresentation:** Listing items with disclaimers hidden in descriptions (e.g., only selling the box) or soliciting pre-payment deposits for non-existent high-value goods.
## Affected Systems
- **Primary Platform:** OfferUp mobile marketplace application.
- **Affected Technologies:** Third-party payment services (Zelle, Venmo), SMS/Email communication channels used for phishing, and 2FA mechanisms (e.g., Google Voice).
- **Victims:** Both buyers (receiving fake items, falling for deposit/overpayment scams) and sellers (losing items to bounced checks, having accounts compromised).
## Mitigations
- **Payment Security:** Avoid conducting transactions outside of the OfferUp app; insist on using in-app messaging and payment methods to leverage Purchase Protection.
- **Account Security:** Never share any verification codes received via SMS or email with buyers/sellers, as these are often used for account takeover via 2FA bypass.
- **Verification:** Users looking to be extra cautious should prioritize transactions with users possessing an OfferUp "TruYou" badge.
- **Link Vigilance:** Do not click on any links provided in messages regarding payments or verification.
- **Post-Incident:** If scammed, report immediately to OfferUp, contact banks/cash apps for chargebacks, change passwords on related accounts, and report to authorities (e.g., FTC, FBI).
## Conclusion
The OfferUp platform is heavily impacted by various user-level financial scams and account takeover attempts. The critical mitigations revolve around **maintaining all communication and payment within the application environment** to leverage buyer/seller protections and **never sharing sensitive verification codes**. Users must practice extreme caution regarding external payment requests and suspicious links.