Fake Poshmark / Mercari / Depop / Vinted resale marketplace seller account suspended or payout withheld phishing — fraudulent email impersonating Poshmark, Mercari, Depop, or Vinted claiming the recipient's seller account has been suspended for unusual activity or a policy violation, their payout or earnings have been withheld pending identity verification, or their active listings have been removed — directing them to sign in, verify identity, or link a bank account to restore access and release earnings — a credential-harvesting and financial data theft attack targeting resale sellers who depend on platform payouts; Poshmark 80M+ users; Mercari 20M+ US monthly users; Depop 35M+ registered users; Vinted 50M+ EU users; FTC 2024: resale platform impersonation fraud grew 145% as secondhand marketplace adoption surged

Phishing emails impersonating Poshmark, Mercari, Depop, or Vinted claiming the recipient's seller account has been suspended for unusual activity or a policy violation, their payout or earnings have been withheld pending identity verification, their listings have been removed, or their seller balance is on hold. Key facts: (1) Resale marketplaces are experiencing explosive growth — Poshmark has 80M+ registered users; Mercari 20M+ active monthly US users; Depop 35M+ registered users (popular with Gen Z); Vinted 50M+ EU users; many sellers earn meaningful supplemental or primary income from these platforms; (2) The "payout withheld — verify bank account" variant is the most dangerous: it combines financial urgency (real earnings are being held) with a plausible verification pretext (KYC/identity checks are genuinely common in payment processing), harvesting banking credentials and SSN in one flow; (3) The "seller account suspended — appeal within 24 hours" variant exploits loss aversion: sellers who have built reputation scores, buyer ratings, and follower bases panic at the thought of losing everything; (4) Unlike large marketplace phishing (Amazon Seller, Shopify), these platforms have lower user security sophistication — many sellers are casual participants who would not scrutinize sender domains carefully. Warning signs: sender domain is not poshmark.com, mercari.com, depop.com, or vinted.com; no specific listing ID, item name, or transaction reference; payout amounts that differ from actual earnings; urgency about account deletion within 24-48 hours.