Avoiding Scams

If you see something you think is a scam, you should stop communicating with the buyer or seller and report the suspected scam to Facebook. Learn how to report a scam on Marketplace.
When using Facebook Marketplace, you should avoid:
  • Communicating with buyers or sellers privately outside of Facebook and Messenger. This may look like:
    • Requests to contact other individuals (example: relatives of the seller) that are not the true owner of the Facebook account.
    • Users contacting you about a Marketplace listing outside of Marketplace (example: from Instagram).
  • Messages or emails directly from the seller telling you that there was something wrong with your payment.
  • Providing gift card details (example: the claim code) for payment to someone you don’t know.
  • Sales or transactions requiring you to pay with gift cards.
  • Buyers or sellers that push you to move quickly to complete a sale, or pressure you to complete the sale immediately. This can be an attempt to get around any normal safe practices.
Phishing is a form of identity theft that gets you to volunteer personal information without you realizing what’s happening. These attacks come from people who want to use your information for evil (example: hack your Facebook, email or bank account).
This may look like:
  • Messages or emails that ask you to provide verification codes sent to your phone or email (example: 2factor authentication code (example: Google Voice Code)).
  • Messages or emails that ask you to provide account information (example: email address and password).
Some other types of phishing include:
  • Link manipulation: These messages contain a link to an evil site that looks like the official business.
  • CEO fraud: These messages are sent to trick you into believing that the CEO or other executive is asking you to transfer money.
  • Smishing: Using SMS messages, attackers try to trick you into going to evil sites from your smartphones.
You should never respond to these types of messages or emails.
Phishing Attempts
Two-factor authentication is a security feature that helps protect your Facebook account in addition to your password. If you set up two-factor authentication, you'll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device we don't recognize.
This special login code will either be sent to:
  • Your mobile device as an SMS message.
  • Your email address.
This may look like:
  • Someone messages you and asks you to send them a code that was sent to you to verify that you are who you say you are. They’re trying to log in to one of your accounts. If you send these codes to someone else, one or more of your accounts will be at risk of being hacked.
Sending these codes to someone else can give them access to things like your Facebook, email and bank account.
You should never respond to these types of messages or emails.
Was this helpful?