Scam ads slipping through net too easily on second-hand marketplaces, Which? warns
Scammers are avoiding detection on second-hand marketplaces, Which? is warning, after its investigation found Gumtree, Facebook Marketplace and Nextdoor failed to pick up quickly on suspicious listings.
Second-hand marketplaces can be a happy hunting ground for scammers, it claims, because consumers do not have the same rights as they do when buying from a retailer.
Amazon Marketplace, Depop, eBay, Preloved, Vinted and Shpock all have some form of buyer protection available – unlike Facebook Marketplace, Gumtree and Nextdoor which do not offer any buyer protection.
However, a Which? survey of more than 2,000 UK adults found that this is not clear to consumers. A quarter (25%) of Facebook Marketplace buyers and a quarter (25%) of Gumtree buyers each thought the marketplaces had buyer protection schemes. One in eight (13%) Nextdoor buyers incorrectly thought it had buyer protection.
Without these schemes, users may struggle to get their money back if they are scammed and are therefore more reliant on the marketplace detecting and removing scams before anyone can fall victim.
To put Facebook Marketplace, Gumtree and Nextdoor to the test, Which? created a fake identity and used that to set up a new account on each site, before immediately uploading a listing for a secondhand Nikon digital camera.
Which? created a Nextdoor account with an AI-generated profile picture, glossy stock image of a generic camera and offered the item at a suspiciously low price. The ad stated a Nikon camera was available with delivery – with the buyer having to pay prior to the camera being posted by bank transfer or PayPal’s Friends and Family option.
The listing went live and stayed up for about 18 hours before Which? was forcibly logged out and all attempts to log back in failed, indicating the account had been suspended or deleted.
However, by then two users had messaged with inquiries about buying the camera, suggesting a real scammer may have been able to trick a prospective buyer.
The consumer association found that when investigators tried to post the same ad on Facebook Marketplace and Gumtree with signs of being a scam, they were blocked from doing so. But these checks were subverted by using a different laptop and fresh identity and posting a more legitimate-looking ad initially, before subsequently editing it to include tactics and payment methods favoured by fraudsters.
To beat Facebook and Gumtree’s checks, Which? changed to a new device, WiFi connection and bogus identity, and for Facebook, the investigators uploaded an AI-generated image profile picture, with some very basic personal details. Which? then uploaded a more plausible ad for a Nikon D60, with genuine pictures and stated that the item could be collected in person. These went live without any issue.
After almost a full day Which? edited the still-live ads to state that items would be posted and would require pre-postage payment by bank transfer or PayPal Friends and Family. In this format, the ads went live once again and stayed live.
After four days, Which? upped the ante, editing both to slash the price in half and to state that payment needed to be made via Apple gift cards – a payment method that is notoriously favoured by scammers as gift card codes can be sold on and are very difficult to trace.
The Gumtree listing once again passed a review in minutes and remained up for more than a day, before going ‘under review’ once again and then disappearing from search results.
The Facebook listing remained live almost 48 hours after the edit, so Which? reported it to Facebook from another account. Facebook rejected that report and refused to remove the listing, offering the chance to appeal within 180 days but seemingly offering no clear way to do so. Which? eventually deleted the listing.
With the National Fraud Intelligence Bureau reporting 56,603 instances of online shopping and auction fraud and £104.6 million lost in the year to the start of October 2024, it is clear purchase fraud is rife, it claims.
Which? is calling for the government and Ofcom to go further and faster in implementing the Online Safety Act. Considering online fraud is one of the most commonly committed crimes in the UK today, it is simply not good enough that specific protections against fraudulent advertisements are not likely to come into effect until 2027, it believes.
Says Rocio Concha, Which? Director of Policy and Advocacy:
“Our investigation shows fraudsters’ ads are able to slip through the net on second-hand marketplaces and con people out of their hard-earned cash.
“Platforms should also be doing more to protect their users. Proper checks must be put in place to prevent potentially fraudulent ads from going live and any suspicious ads which slip through the net should be quickly investigated and removed.
“More widely, these findings highlight just how necessary it is for the government to robustly enforce and implement the Online Safety Act in full. The current timetable is simply not good enough and risks letting many more fall victim to scammers.”
