To stay safe and protect your data, be aware that scammers might target Vinted members with phishing attacks via:
- Messages on Vinted
- Text messages (SMS)
- Direct calls
At first glance, they often look like official messages. In truth, they are sent by scammers in hopes of stealing your identity or online accounts.
Senders of such spoof emails or messages may pretend to be:
- Vinted representatives (e.g. our customer support)
- Our shipping providers
- Our payment providers
- Buyers interested in one of your listed items
- Any other service you might use via Vinted
Scammers typically ask for your contact details, sensitive data or login information. Phishing messages might also contain links to malicious sites or have infected files attached.
Don’t open suspicious links or attachments and do not fulfil any of their requests. Please report suspicious activity to us. In case you want to report an item, please follow this guide.
How phishing emails and messages look like
In a fake message on Vinted, you might be asked for your:
- Login details, payment account or another service you use when buying or selling on Vinted
- Email address, phone number, bank card details, pictures of your ID, or similar information
- Pictures or videos of an item you’re selling to be sent via WhatsApp, SMS, or other messengers in the hope of spamming your private number.
It’s important that you never disclose your contact information to buyers or sellers. Discussing purchases should never be taken outside Vinted’s conversation screen.
A spoof email may include the same requests, as well as:
- Links to bogus sites, where you’ll be asked to provide your sensitive data (logins, bank card details)
- Attachments containing malware
- Requests to act immediately, saying that something bad will happen if you don’t.
These phishing messages may include Vinted logo, names or other features like colours, fonts, and buttons that we use on our web page. They might also use ‘Vinted’ in their web address. Therefore, it might be difficult to spot a fake site.
Here are some examples of fake site addresses: myvinted.dreamlandshop.net, vintdregistres.ca, onvirev.ca, atvnt.ca, etc. Please note that a real Vinted site will always have vinted.ca/ part in the address.
How real Vinted messages look like
- We contact our members using email@example.com mailbox. Once our Customer Support Team gets in touch with you, the email will be [support+the ticket number]@vinted.zendesk.com, for example, firstname.lastname@example.org. In case we do not receive a response, we may contact you using the application and ask you to provide your answer to the email address mentioned previously.
If someone pretends to be from our team, but email is not sent from email@example.com, please Report them, so we can keep Vinted a safe place.
- We only ask for your ID if the basic KYC check fails. Generally, you should upload your ID to our secure payment provider via Application - in this case, we will not ask you to email it again. If you are asked for your ID after it is uploaded to our secure payment provider - please report it.
- Links in our messages can only direct you within our or one of our partner's websites (e.g. shipping provider). Also, our links never have attachments in them, unless you ask us for your personal data that is stored at Vinted or there are shipping label issues. In mentioned cases, email would come only from firstname.lastname@example.org.
Outside Vinted (on email):
- Our automatic email messages will be sent from email@example.com. We also use firstname.lastname@example.org (email used by our Customer Support Team), email@example.com and firstname.lastname@example.org for official updates from Team Vinted. Only lowercase letters will be used in the address.
- Please note that very similar email addresses may be used by scammers, for example, email@example.com; firstname.lastname@example.org; Service@PayPal.ca.
- Pay extra attention to typos, word order, and letter case in the address. Don’t rely on the sender’s name or the message title.
If you are unsure about the message’s authenticity, feel free to report it.
If our provider cannot confirm your identity right away, they can ask for a copy of your ID (ID card, passport, etc). Don't worry, we don't save any documents in our system. They go directly to our payment provider Stripe, where they handle the information securely. Stripe may also trigger additional photo ID verification based on their internal ruleset and anti-money laundering filters, as well as local laws requirements.
Did you receive a message that has some features of phishing, spam, or a spoof email? Please report it.