Fake Buyer Phishing Scams on Online Marketplaces: How Crypto Users Get Tricked Into Sharing Bank and Wallet Login Codes

Police advisories and recent reporting highlight a surge in “fake buyer” phishing: scammers pose as buyers on online platforms, send a payment link, then steal one-time passwords or login details—leading to bank or wallet drain. Steps to spot and stop it.

Jan 4, 2026 • 5 min read

Try This Structured Crypto Training Related posts

Fake Buyer Phishing Scams on Online Marketplaces: How Crypto Users Get Tricked Into Sharing Bank and Wallet Login Codes

TL;DR (3 bullets)

Fake buyers often push you off-platform and try to capture one-time passcodes, wallet seed phrases, or bank login details using lookalike pages and urgent messages.
Never share verification codes, seed phrases, or remote-access “support” steps—legitimate marketplaces, banks, and wallet providers do not need them to pay you.
Preserve evidence (screenshots, message headers, transaction IDs) and verify via official app/site channels before taking any action.

Problem overview

Fake-buyer phishing is a common marketplace scam pattern: someone pretends to purchase your item, then manipulates you into “confirming” payment by entering sensitive information. In crypto-related versions, scammers may claim they paid in a stablecoin or sent a “crypto escrow” deposit and you must complete a verification step to release funds. In bank-related versions, they claim they need a code to verify your identity for a transfer. The real goal is usually one of these outcomes:

Steal your bank login or one-time passcodes (SMS codes, authenticator codes).
Steal your wallet seed phrase, private key, or persuade you to install remote-access tools.
Trick you into sending crypto to “verify,” “unlock,” or “upgrade” an account.

This works because the scam mimics normal checkout and shipping steps, but inserts a fake “payment confirmation” page, a counterfeit support chat, or an urgent request for codes.

Why it happens

Several factors make this scam effective:

Off-platform pressure: Scammers push you into texting, email, or encrypted messaging so the marketplace can’t detect or log the fraud easily.
Confusing payment finality: Crypto transactions can be irreversible, and newcomers may not know how to verify a transaction independently.
Lookalike verification flows: Fake pages imitate banks, marketplaces, or wallet providers and ask for login codes “to confirm payment.”
Social engineering: Urgency (“I’m buying now”), authority (“marketplace support”), and fear (“your account will be suspended”) are used to override caution.
Code interception patterns: A scammer may initiate a real login or password reset on a legitimate service, then ask you to share the resulting code. With the code, they can complete the login on their device.

Security agencies and major platforms routinely warn that verification codes, seed phrases, and remote-access requests are common markers of account takeover attempts.

Solutions (numbered)

Stop the conversation outside the marketplace.
Move all communication back to the marketplace’s official messaging system. If the buyer refuses, treat it as a red flag.
Verify payment using primary sources.
For bank transfers, check your bank app directly. For crypto, verify the transaction in your wallet and confirm it on a reputable block explorer by searching your address or transaction ID. Do not trust screenshots of “payment sent.”
Never share codes, seed phrases, or backup keys.
One-time passcodes, authenticator codes, recovery codes, and wallet seed phrases are effectively “keys to the account.” Legitimate support will not ask for them.
Do not install remote-access software or “payment confirmation” apps.
If someone instructs you to install screen-sharing, device management, or “support” tools, end the interaction. That step is commonly used to capture passwords and drain accounts.
If you already shared something, contain quickly.
Change passwords from a clean device, revoke active sessions where possible, rotate API keys, and contact your bank or exchange support through official channels. If a wallet seed phrase was exposed, assume the wallet is compromised and move funds to a newly created wallet.

Prevention checklist

Stay on-platform for negotiation, payment, and shipping coordination.
Assume screenshots are fake; verify in your own bank app or wallet.
Know the “never share” list: seed phrase, private key, recovery codes, one-time passcodes, authenticator codes.
Check the sender identity using official support channels, not links sent by a buyer.
Turn on strong account protection: authenticator-based 2FA where supported, unique passwords, and device-level screen locks.
Keep evidence: screenshots, usernames, timestamps, and any transaction identifiers for reporting.

FAQ (5 Q&A)

Q1: The buyer says they need my SMS code to “confirm the transfer.” Is that ever legitimate?

A: No. SMS or authenticator codes are for your login or account actions. Sharing them can allow account takeover.

Q2: They sent a screenshot showing crypto was sent. Why isn’t that proof?

A: Screenshots are easy to edit. Proof is an on-chain transaction visible in your wallet and confirmed on a block explorer, with the correct recipient address and adequate confirmations.

Q3: The buyer sent a “marketplace verification” page asking for my wallet seed phrase to release payment. What should I do?

A: Close it. A seed phrase grants full control of funds. Report the user to the marketplace and verify any account notices by logging into the official app/site directly.

Q4: I entered my bank login on a page the buyer sent. What now?

A: Treat it as compromised: change your bank password from a trusted device, contact your bank’s fraud department, review recent transactions, and consider placing additional account safeguards offered by your bank.

Q5: I sent crypto to “verify” my wallet and now they want more. Can I reverse it?

A: Most crypto transfers are not reversible. Preserve evidence, report to the marketplace and any involved platforms, and focus on preventing further loss by securing accounts and wallets immediately.

Key takeaways (3 bullets)

Verification codes and seed phrases are secrets; sharing them is equivalent to handing over access.
Confirm payments only through official channels (your bank app, your wallet, and on-chain verification), not buyer-provided links or screenshots.
Act fast if exposed: secure accounts, move funds if a seed phrase leaked, and preserve evidence for reports.

Sources

Buttons open external references.

Singapore Police Force advisory on phishing scams involving fake buyers (Dec 2025) AsiaOne: Police warn of phishing scam involving fake buyers; at least $622k lost since November Cointelegraph: Crypto phishing losses fell 83% in 2025; wallet drainers remain a threat Iz.ru: New fraud scheme using phishing sites disguised as legitimate services KIRO 7: $9.3B lost to crypto scams; how to avoid being a victim in 2026 MyNorthwest: $9.3B lost to crypto scams; how to avoid being a victim in 2026 The Star (Malaysia): US man lost $500,000 in savings to an elaborate scam on the rise East Bay Times: Bay Area man lost $500,000 in savings to an elaborate scam on the rise

Coinbase-Backed Exchange Withdrawal Problems: What to Check When Withdrawals Are Suddenly Delayed or Failing

Users are reporting sudden withdrawal issues on a Coinbase-backed exchange. This post covers common causes (maintenance, compliance/KYC holds, network congestion, bank rails) and practical steps to confirm status, protect funds, and document your case.

Crypto phishing losses fell 83% in 2025, but wallet drainers and “approval” scams still hit users in 2026

Reports say crypto phishing losses dropped 83% in 2025, yet users are still getting drained via signature/approval scams and evolving wallet-drainer tactics. Here’s what’s changing, what isn’t, and where victims are still losing funds.

Crypto Exchange Shutdowns: What to Do If You Can’t Withdraw Funds or Access Your Account

Some users are reporting sudden shutdowns and withdrawal disruptions at crypto exchanges. If you can’t access funds, act quickly: preserve records, stop further deposits, verify official updates, and escalate through support and regulators where applicable.

MetaMask ‘Security Check’ Pop‑Ups: How Fake Verification Phishing Drains Wallets in 2026

Users report MetaMask phishing that mimics “security checks” or verification steps to trick approvals, seed phrase entry, or malicious signatures. Learn the common red flags, what to do if you interacted, and how to reduce repeat risk.

Ledger Data Leak (Global-e Hack) Explained: How to Spot Phishing and Protect Your Wallet

Ledger confirmed customer data was exposed via a third-party (Global-e) hack. This can fuel phishing and fake “support” scams. Here’s what likely leaked, common follow-up scam patterns, and practical steps to harden your accounts and verify messages.