Summer is the perfect time to get rid of household clutter and make a little money while doing so. If you don't have the time or desire to brave the heat during a garage sale, I recommend using shopping apps such as Mercari or Poshmark for selling secondhand clothes. Not only are the apps easy to use, but they're also a little safer than community boards such as Craigslist or Facebook Marketplace.
Selling to local buyers in person and only accepting cash is the best way to avoid a scammer. But not everyone lives in an area where garage sales or clothing swaps are popular or even possible. Apps for buying and selling used goods offer convenience for buyers and sellers, as well as various seller protections in the form of money-back guarantees or customer support protocols for recouping losses in a scam.
You might be able to move your items faster by selling locally with the community boards, but you risk allowing scammers to trick you into connecting your account to a crime.
Don't Become a Digital Accomplice
According to a report from Marissa Bodnar at WGME in Portland, Maine, scammers use community boards to obtain Google Voice phone numbers from sellers. They then use the hijacked number to scam other unsuspecting sellers.
The Identity Theft Resource Center (ITRC) breaks down the scam as follows:
"Scammers look for people selling items online and then message them as if they are an interested buyer. The criminals proceed to have a Google verification code sent to the seller. They then ask the seller to share the code to verify that they are a real seller. However, it is a Google Voice scam, and the scammer is looking for the victim to share the code with them so they can use it to create a new Google Voice phone number tied to the seller. They then proceed to scam other people using the victim’s name while remaining undetected."
Don’t have a Google Voice account? You can still become a victim. The ITRC says scammers can set up a Google Voice account and link it to the phone number of the person they call. The scammer then creates a fake post selling the same items and using the same name as the legitimate seller and steals money or information from potential buyers using the victim’s identity.
In 2021, the ITRC received almost 4,000 incident reports regarding the Google Voice scam. In the first half of 2022, 37% of the ITRC's scam reports are about the scam.
How to Retrieve a Stolen Google Voice Number
Google is aware of this issue. If you are a victim of a Google Voice number hijacking scam, getting your number back is fairly painless. Take the following four steps to reclaim your Google Voice number:
1. Sign in to voice.google.com and click Settings. Under Linked number, click New linked number.
2. Enter your mobile or landline phone number to link it to your Google Voice number.
3. If the number is for a landline, click the Verify by phone link and then click Call. Google Voice calls the phone number and gives the code. Enter the code and click Verify. If you are on a mobile device, click Send code, and Google Voice sends the code in a text message to the phone.
4. Click or tap the Claim button to link the number to your account.
If you're still planning to sell your stuff online via a local community marketplace, take a few precautions:
- Don’t accept a mobile payment (Venmo, Velle, PayPal, and so on) from someone you don’t know.
- Never deposit a check for more than the selling price.
- Don’t share your Google Voice verification code—or any verification code—with someone you don’t know.
- Invest in identity theft protection software to get insurance-backed identity theft remediation.
Like what you're reading? Get an extra story delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What Else Is Happening in the Security World This Week?
US Sanctions 'Tornado Cash' for Laundering Crypto Funds for North Korea. The North Korean hackers allegedly used the cryptocurrency-mixing service Tornado Cash to launder funds tied to two major heists earlier this year.
Twitter: Someone Exploited a Zero-Day to Access User Data. As many as 5.4 million Twitter accounts may have been affected.
Report: UK Will Use Smartwatches to Enable Constant Surveillance. People wearing the watches could also be expected to submit photos of themselves to a facial recognition system up to five times a day.
Ukraine Shuts Down Huge Bot Farm Pushing Russian Propaganda. The bot farm was using 5,000 SIM cards and 200 proxy servers to spread the propaganda online, according to the Security Service of Ukraine.
US State Attorneys General Form Nationwide Anti-Robocalling Task Force. The group plans to crack down on telecom companies facilitating overseas robocalls.