A phishing campaign targeting Depop sellers

Posted byAnti-phishing Leave a comment on A phishing campaign targeting Depop sellers

This set of screenshots shows a phishing campaign targeting Depop sellers. The scam uses a fake “orders suspended” notification and a counterfeit support chat to trick victims into providing full credit/debit card details and billing information.

Threat Analysis: Depop Phishing – Fake “Orders Suspended” & Card Harvesting

How the scam works:

Fake Suspension Notice (1st screenshot)
The victim is told that orders in their account are temporarily suspended and they must “verify” their payment details to restore store operations. A “Verify” button leads to the next step.

Fake Support Chat with “Amelia” (2nd screenshot)
A fake live chat window opens with a message from “Amelia” (posing as customer support). The message claims that the victim needs to provide card details for verification, that the process is secure and only done once, and that “Amelia is a real person, not a robot.” This social engineering trick is designed to lower the victim’s guard.

Card & Billing Details Form (3rd screenshot)
The victim is taken to a page that asks for:

  • Full card number
  • Expiration date (MM/JJ, shown as MM/YY)
  • CVV
  • Name on the card
  • Billing address (street, city, postal code) The page displays logos of Visa, American Express, and Discover, and claims “All transactions comply with PCI DSS” – a fake security badge.

The goal:
The attacker collects:

  • Full credit/debit card details (number, expiry, CVV)
  • Cardholder name and billing address
  • Postal code and city

With this data, the attacker can:

  • Make fraudulent online purchases
  • Clone the card or sell the information on criminal markets
  • Use the personal details for identity theft

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain like depop.securedirect.cfd – not the official Depop domain (depop.com). The .cfd TLD is unusual for a legitimate site.
  • Fake chat support that initiates contact: Real customer support does not automatically send a pre‑scripted message explaining that you need to provide card details.
  • Request for full card details (including CVV) to “verify” a suspended account: Depop never asks for your card security code to restore account access. Such verification is done through official payment methods within the app, not by entering raw card data on a third‑party page.
  • Threat of lost orders / store suspension: Creates urgency to pressure the victim.
  • PCI DSS claim and payment logos: These are copied from legitimate sites to appear trustworthy, but the page itself is a phishing site.
  • Poor grammar / language inconsistencies: The English is slightly awkward, and the Dutch text appears in some screenshots (the target is likely a mix of English and Dutch speakers, or the template was copied).

What to do if you encounter this:

  • Do not click “Verify” or enter any card details.
  • Do not interact with the fake chat.
  • If you are a Depop seller, always log into your account by typing depop.com directly into your browser. Check your account status and any notifications from the official app.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Depop’s security team.

Protective measures:

  • Never click links in unsolicited messages claiming your seller account is suspended.
  • Always type the official Depop URL directly into your browser or use the official app.
  • Never trust a pop‑up chat that asks for card details – legitimate support will never request that information.
  • Enable two‑factor authentication on your Depop account and email.
  • Check the URL carefully – look for misspellings, extra words, or unusual top‑level domains (.cfd, .top, .xyz).

Leave a comment

Your email address will not be published. Required fields are marked *