A nursing student has revealed how someone posing as a shopper at a second-hand clothing store was able to steal $4,000 in a sophisticated online scam.
Brianna Ireland wanted to sell her spare t-shirts, pants, and gym clothes to make some money after recently moving to college, and Shaggy decided to list them on Depop, a popular online marketplace for used clothing.
The 19-year-old said she liked the eco-friendly idea of delivering the items and was contacted by her first buyer in early May, shortly after setting up her page and when she was still unfamiliar with how the process worked.
The shopper, known as Sarah, messaged Brianna and told her she needed to include her email address on her Depop profile page in the “my website” field because the site’s checkout process was requesting that information.
“I was so excited about selling clothes, I just didn’t think about it…I was so caught up in the moment,” Brianna said. 7life.
Student Brianna Ireland Listed Some Used Clothing on Depop, But Was Scammed by a Hacker Posing as a Buyer
Depop said the ‘buyer’ hacked into a genuine user’s account and then emailed a fake sale verification form to Ireland.
The “buyer” then told him to wait for a confirmation email in his inbox to give the green light for the sale.
The email appeared shortly afterward and included a “verify purchase” link that took Ireland to what appeared to be a “legitimate” Depop site with the customer’s details, including the shipping address, their email, and their phone number. phone.
The website asked you to add your banking details in order to receive the payment.
Ms Ireland said at this point that she should have noticed the “red flag” because she had already entered her PayPal details on Depop, but dismissed it, assuming that “maybe my PayPal account must not have worked for whatever reason.”
He said that after entering his banking details, the website appeared to freeze and then told him there was an error and a chatbot appeared asking if he had a different bank account to try.
“At this point, I was extremely confused as to why he was asking me this, and then it hit me.”
A frantic Ms Ireland checked her bank account and saw that they had just made a withdrawal of $529.22 to ‘Bitinvestor’, based in Denmark.
He immediately called his bank and was on hold for five minutes, during which time the scammer attempted to make another withdrawal.
When Ireland spoke to a staff member, who quickly froze her account, she was crying.
Another $3,500 had been withdrawn.
The nursing student said she dismissed red flags, such as bad grammar, as laziness, but that the experience would not deter her from using the site again.
But there was good news: The employee told him that they had received the second payment so quickly that they were able to stop the transaction.
The initial payment of $529 had already been settled and could not be returned.
“I’m so grateful I called the bank when I did, otherwise the payment wouldn’t have come back into my account and they definitely would have emptied my entire bank account,” she said.
After reporting the scam to Depop, Ireland said she was told the scammer had hacked into another person’s genuine account to pose as the buyer.
In retrospect, the full-time student said there were other indicators she should have caught, such as bad grammar, which she assumed was simply laziness, and the domain from which the sale verification email was sent, which she didn’t thoroughly check. near.
She said she learned her lesson and still uses Depop, but she’s much more careful about the process when using the site and talking to buyers.
A Depop spokesperson said the site has extensive protections in place to block scams and fraudulent behavior.
‘Our in-app payment systems are specifically designed to keep users safe, and legitimate payments on Depop will only be made within the app or Depop.com.
“Unfortunately, as peer-to-peer marketplaces become more popular, fraudsters are using increasingly sophisticated methods to encourage consumers to pay outside of secure platforms – this is an industry-wide issue.”
“We strongly encourage consumers who buy and sell anywhere online to never share personal information with other users, to use extreme caution when following links to other sites, and to report any suspicious behavior.”
The company recommends only using the genuine Depop app or website to communicate with buyers or enter information.
The genuine site is depop.com and the genuine emails will be from the domain @depop.com, the company said.
Daily Mail Australia has contacted Depop for further comment.
