Facebook Marketplace & Craigslist Scams: 4 Variants and the Cash-In-Person Defense

A listing shows a desirable item — couch, sectional, KitchenAid mixer, designer handbag, MacBook — at 30-50% below market. The photos look professional. The seller has a reason they can't meet in person (out of town, husband can drop off, listing is in another state). They request Zelle/Venmo deposit to "hold" the item. Once paid, they vanish; the item never existed.

A different victim's story illustrates the variant from the moment of regret. The author of an r/MoneyDiariesACTIVE thread (128 upvotes) describes their first Facebook Marketplace scam — a near-new mid-century-modern dresser at $180, photos that looked recently taken in a real apartment, seller in their own city. The seller said her husband would drop it off that evening; could the author Zelle the $180 first to "hold it" since another buyer was already on the way to pick it up? The author Zelle'd the money. The seller stopped responding by 8 PM. Facebook's profile reported nothing unusual; the account had been created two months earlier with a single set of stock-photo profile pictures and no friends list visible to non-friends. The Zelle was gone, and the author later realized the photo of the dresser had appeared on 14 other Facebook Marketplace listings in different cities over the prior six weeks.

The pattern's effectiveness depends on a structural fact about the platform: Facebook Marketplace's recommendation algorithm boosts new listings to maximize engagement, which means a fresh scam listing can reach thousands of users before any fraud-detection signal triggers. The scammer's account is typically aged 30-90 days (long enough to look legitimate, short enough that no real friend graph has formed) and uses photos stolen from Zillow, eBay, IKEA product pages, or real Marketplace listings in distant cities. By the time the platform takes the listing down — usually 24-72 hours after the first buyer report — the scammer has cycled to a new account with the same photos and a new dollar figure. Per Meta's own Marketplace help center, the company acknowledges this dynamic and provides reporting tools, but the volume remains high enough that buyer-side defense is the only thing that scales.

What works is two checks before any payment leaves your account. First: reverse-image-search the listing photos via Google Images or TinEye. Drag the photo into the search box; if it appears on 5+ other unrelated listings, eBay product pages, or stock-photo sites, the listing is fake. Second: insist on cash-in-person inspection at a public place. Real local sellers welcome this; scammers always have a reason they can't meet. The 30 seconds the photo search takes catches a meaningful share of fakes, and the in-person rule catches the rest. If the seller demands a Zelle/Venmo deposit to "hold" the item, the listing is the scam revealing itself — real sellers do not require deposits to "hold" furniture for a 4-hour pickup window.

The buyer-targeted fake-listing variant is the volume play. The next variant flips the dynamic — the scammer is the buyer, and the seller is the target.

A "buyer" messages a Marketplace seller about an item, asks for the seller's phone number, then says they'll send a 6-digit code to verify the seller is real. The code is actually a Google Voice account-setup verification — when the seller shares it, the scammer creates a Google Voice number linked to the seller's phone. The scammer uses that Voice number to perpetrate further fraud while concealing their identity.

The variant has been running for years and is one of the most-documented seller-side marketplace scams. Per Trend Micro's analysis: "If you give it to them, they'll try to use it to create a Google Voice number linked to your phone number. Once the fraudsters have that code, they can use your phone number to conceal their identity and rip off other people." The mechanic is precise — Google Voice's account-creation flow texts a 6-digit code to a phone number to verify ownership, and the scammer asks the seller to relay that code under a fake "verification" pretext. Once the scammer has the code, they complete the Google Voice setup tied to the seller's number, and the seller is now the apparent owner of a Voice account they didn't create.

The downstream damage runs in two directions. First: the scammer uses the Google Voice number for further fraud (job scams, marketplace scams, romance scams) while the SMS-trace points back to the seller's real phone. If law enforcement traces the fraud, the seller's number is on file. Second: if the seller ever wanted to use Google Voice themselves, their phone number is now locked out of the service — the existing account claims it. Fox43's consumer-protection coverage documents the same script with broader retail consequences. The Google Voice support community has hundreds of threads from sellers who shared the code and want to reclaim their number — recovery is possible but requires manual support intervention that takes weeks.

The simplest defense is also the only one that works: never share a 6-digit verification code received by text, regardless of who is asking or why. No legitimate marketplace transaction requires sharing verification codes. No legitimate buyer needs to "verify" you with a code; the platform itself handles all verification. Refuse without explanation. If you have already shared the code, follow Google's recovery instructions at support.google.com/voice/answer/115061 to reclaim your number — the process takes 5-21 days and requires confirming your identity through Google's recovery flow. Report the buyer's account to Facebook Marketplace via the listing's three-dot menu.

The Google Voice variant runs identity hijack at scale. The next variant runs payment hijack at the moment of handover — the seller hands over the item, the deposit reverses days later.

A buyer comes to your house, pays via Zelle from what appears to be a real bank account, and you watch the funds settle in your account before handing over the item. Days later, the deposit reverses — the buyer was using a compromised account, the real owner reversed the unauthorized transaction, and Zelle clawed back your "settled" funds. You're out the item AND the money.

The variant overlaps with the bank-impersonation page's marketplace-side documentation, but the seller-side angle is worth its own treatment because of how often it bites legitimate sellers. The r/Scams thread "(US) Beware If You Are Selling Items on FB Marketplace" (160 upvotes) walks through the canonical version. The author sold a piece of furniture for $400, met the buyer at her apartment, watched the buyer Zelle the funds and the deposit confirmation appear in her bank account on her phone screen. She handed over the furniture. Three days later her bank's notification system flagged the deposit as "Reversed — sender account unauthorized." The buyer had used someone else's compromised Zelle-linked bank account to send the funds; once the real owner saw the unauthorized transaction and reported it, Zelle clawed back the deposit. The seller had no recourse. Zelle's terms-of-service classify the original payment as unauthorized by sender (which is true), and the recipient does not have rights against the sender's bank.

The variant works because of a structural fact about the U.S. instant-payments system that most consumers don't know. "Zelle payments cannot be reversed by the recipient," reads a common community summary on r/Scams — and the next sentence usually adds: "but they can be reversed by Zelle when the sending account is later determined to be unauthorized." The recipient sees "Available — instant" in their account; the underlying settlement chain has not yet completed. If the original sender's bank later determines the transaction was fraudulent (because the real owner reported it), Zelle has the right to claw back. Per the Senate Permanent Subcommittee on Investigations' 2024 report, "only 12% of consumers last year were reimbursed for Zelle payments disputed as scams," and that statistic applies to the senders who claim fraud. For recipients on the other side — the seller who handed over the item — the reimbursement rate is effectively zero.

What stops the variant is upstream of the rail. Cash in person is the only payment that does not reverse. Once cash is in the seller's hand, the transaction is settled — there is no reversal mechanism, no clawback, no terms-of-service that re-litigate the exchange. Bank-rail payments (Zelle, Venmo, Cash App, ACH, wire) all carry reversal risk for the recipient. PayPal Goods & Services has buyer protection that runs against the seller, which is the inverse problem — but at least it gives both sides a documented dispute path, unlike Zelle which gives recipients nothing. For seller-side marketplace transactions, the safe payment hierarchy is: cash in person, in-person credit-card swipe via Square/Stripe, or refuse the deal. See the Bank-Impersonation & Zelle Scams page for the full mechanic.

The first three variants run on item-resale transactions. The fourth variant runs on rentals — a different surface area but the same underlying mechanic, and the FTC's largest single documented marketplace-fraud category.

A Facebook or Craigslist listing shows a desirable apartment at 20-40% below market. The "landlord" can't show in person — they're overseas, on military deployment, or dealing with a family emergency. They request first month's rent + security deposit via Zelle before any showing. The apartment either doesn't exist or is being sublet by someone who doesn't own it. Per the FTC, ~50% of rental scams start on Facebook, 16% on Craigslist, with $65M+ in cumulative losses since 2020.

The FTC's December 2025 rental-scam data spotlight documents the variant with unusual specificity: "Since 2020 consumers reported nearly 65,000 rental scams," and "Facebook is the most reported platform, with about half of people who reported a rental scam saying it started with a fake ad on Facebook, while another 16% said the scam started with a fake listing on Craigslist." The combined Facebook + Craigslist share is roughly two-thirds of all reported rental fraud — the platforms' minimal listing-creation friction is exactly what makes them the dominant rental-scam channels. The mechanic is the same as the buyer-side fake-listing variant from #1, with the apartment as the product: stolen photos (typically from Zillow, Apartments.com, or Trulia listings), too-good-to-be-true price, "landlord" who can't show in person, payment via Zelle/wire before any key handover.

The rental variant is more damaging per victim than the item-resale variants because the dollar magnitude is larger and the secondary consequences run further. The typical loss is first month + security deposit — often $3,000-$5,000+ in major metros, occasionally $10,000+ for premium units. Beyond the direct loss, the renter is now homeless on their planned move-in date, has often given notice on their previous apartment, and may have shipped belongings to the new address. The FTC's spotlight documents cases where the secondary loss (emergency hotel, storage, lost wages from missing the move) exceeded the primary deposit loss. The harvest can also include an identity-fraud component — many fake "rental applications" request SSN, employer information, and credit-check authorization, all of which feed identity-fraud pipelines whether or not any deposit is sent.

Three checks before any rental deposit. First: physically tour the apartment with a verified landlord or property manager — refuse to send any deposit before doing so. If the listing is on Facebook or Craigslist, cross-check the address on Zillow, Apartments.com, or the building's property-management website. If the same address appears on a legitimate platform at a different price, the Facebook/Craigslist version is fake. Second: reverse-image-search the listing photos. Most rental scams use photos stolen from real listings — the photos will appear elsewhere if you search them. Third: verify the landlord's identity. Real landlords welcome in-person showings and provide ID; fake landlords always have a reason they can't meet (overseas, military, family emergency). If the landlord refuses to meet, walk away regardless of how attractive the listing is. The deposit is gone the moment you send it; the apartment was never available to rent.