Ricardo fraud spike: Hackers hijack accounts for scams

Ricardo users face surge in fraud as hackers exploit linked accounts

A Ricardo user listed two fully functional smartphones for sale on the platform. Within just 24 hours, both appeared to have been sold. But when the seller contacted the supposed buyers, neither had any idea what he was talking about. "Both were surprised and said they hadn't bought any phones on Ricardo," the seller told SRF's consumer program Espresso.

Customer Questions Ricardo's Security

In both cases, the buyers' Ricardo accounts had been hacked. Fraudsters had gained access to their profiles and used them to make purchases—including the two smartphones.

The seller finds it highly suspicious that this happened twice in such a short time: "What's going on at Ricardo?" he asks. "There must be a security issue."

Ricardo: "We've Noticed an Increase"

Ricardo denies any security flaw, according to spokesperson Mojca Fuks. She also stresses that no data is lost through the platform itself. However, the company is familiar with this scam—and cases have been rising since the start of the year: "We've seen about a 20% increase."

Still, she notes, the numbers remain minimal. With over half a million transactions on Ricardo each month, "only a few hundred fraud cases were reported in February, for example," Fuks says.

How the Scam Works

First, fraudsters gain access to an email account—such as GMX or Gmail—by obtaining login credentials through phishing or leaked data.

Once they control the email, they hijack the linked Ricardo account. Since Ricardo logins are tied to email addresses, scammers reset the password and take over the account to go on a shopping spree.

Their real targets, however, are the sellers. Posing as buyers, they pressure sellers to act quickly, sending links via email, SMS, or WhatsApp that supposedly lead to payment. In reality, these links trick sellers into revealing credit card details, Twint login credentials, or even directly transferring money to the fraudsters instead of receiving it.

Persistent Scammers Keep Evolving

Ricardo has no clear explanation for why buyer-side fraud is on the rise. One possibility is that older scams have been successfully curbed, forcing criminals to adapt. "It's a constant cat-and-mouse game," says Fuks. "Fraudsters keep finding new, devious ways to reach their goals."

The Swiss Marketplace Group—which includes Ricardo, Tutti.ch, and Anibis.ch—invests millions annually in security and continuously works to detect fraudulent activity faster on its platforms.

How to Protect Yourself

As a Ricardo seller, be wary if a supposed buyer pressures you to rush the transaction. Immediately cut off contact if they send you a payment link via WhatsApp, SMS, or email. Legitimate buyers will never ask for your credit card details or similar information—you should never have to provide them to receive payment. Report any suspicious activity to the platform.

Additionally, enable two-factor authentication for email and other services (including Ricardo) to prevent unauthorized access. Strong, unique passwords for each account also add critical protection.