Keeping your account secure
Depop is committed to keeping your account secure. To help us, we ask that you follow the following steps so that we can work together to keep your accounts safe.
Enable two-factor authentication
We encourage enabling 2FA (available on mobile only) to provide an extra layer of protection on your account. It requires two sources of information to sign into your Depop account. Every time you log in to your account, 2FA is used to verify your identity by doing the following:
- Pairing something you know (like your email address) with
- Something you have (like a hardware key or security token); OR
- Something you are (biometric, like your fingerprint or FaceID).
To turn 2FA on on your Depop account:
- Go to My Depop then My account
- Choose Two-factor authentication and toggle On.
- Enter your phone number when prompted
- Enter the code texted to you
- Get your unique recovery code
- Save your recovery code (best to do in a password manager)
You’ll get an email to confirm two-factor authentication is turned on. You’ll also see that it’s on in your Depop settings.
Once you’ve set it up on your mobile device, you will be sent a text message with a one-time code when you log in to the web as well. All changes or updates to your 2FA preferences must be made on mobile.
We encourage 2FA for all of your online accounts, but especially for email accounts associated with your Depop account and phone provider.
For help setting it up or any other questions, get in touch with support.
Check for unfamiliar activity
External parties not affiliated with Depop may be attempting to access your account by using deceptive emails and websites that appear to come from a legitimate source, also known as phishing. Be suspicious of any unusual requests asking for any of your sensitive information, e.g. personal or financial details, by email or phone.
What should I look out for?
Here are a few things to keep an eye out for potential phishing:
- Requests received via WhatsApp, SMS, or phone calls. All Depop communication is via email, we won’t ever try to contact you via these methods.
- Asking for more info on a listing – potential phishing attempts may include asking for additional photos outside of the app or an alternative payment method to complete the transaction. If you need to share extra photos, add them to your original listing. Always keep conversations and transactions on depop.com or the app so we can protect you.
- Deliberate spelling mistakes or use of symbols – if the buyer has consistent spelling mistakes or uses letters/symbols to replace numbers in messages, they may be trying to avoid being detected
- Sharing of contact details for accounts outside of Depop – messages may contain Instagram handles, phone numbers, and email addresses
- Fake purchase confirmation – telling a seller they have successfully sold an item and then sharing a link to external sites. Depop will always send you an email to confirm a sale.
- Fake emails asking you to verify your account to receive your payout. All official Depop emails will come from an email address ending in .depop.com (e.g., @auth.depop.com), so always double-check the sender's address.
The following may be a sign that your account has been compromised:
- Messages you did not send
- Items listed on your account that you do not own
- Payments made to your PayPal account that you cannot account for
- Your personal details changed without your consent
- Messages on other platforms (Reddit, Meta, etc.) regarding your Depop account
Someone is asking me to share personal information via the Depop platform
We strongly recommend against sharing any personal information via Messages. Sharing email addresses, phone numbers, or any other personal information could result in external parties not affiliated with Depop attempting to access your account, which is known as phishing.
It is also against Depop's Terms of Service to transact outside of the app. Only ever purchase items in the app by clicking the 'Buy' button
If you believe someone is acting suspiciously, please report the user to our Support teams, who will review the account and take appropriate action.
If you have shared personal information with another user, contact us directly and follow the steps detailed here.
'I've received a suspicious email claiming to be from Depop'
If you’ve noticed any suspicious activity, contact us directly. See below for more immediate steps:
- Do not click any of the links or open any attachments within the email
- Contact us directly via our Help Centre, making sure to take a screenshot of the email – be sure the screenshot includes the sender’s contact information
- After taking a screenshot of the email, delete it and report it to your email provider as phishing
- Do not send any items or funds
How do I know if an email is coming from Depop?
There are a few ways to tell whether an email claiming to be from Depop is legit.
All official Depop emails will come from an @depop.com email address, so always double-check the sender's address. You can do this by clicking on the sender contact card, display name, or using the ^ next to the send name to see their email address.
If you suspect the email isn’t genuine, you should:
- Avoid clicking any of the links or opening any attachments within the email
- Report it to us - forward the email, including the sender’s information, to reportphishing@depop.com
- Report the email as junk to your email provider
- Delete the email from your inbox once you’ve reported it
- Never send any items or money
Depop will never request personal information or account details outside of our app, depop.com, or support channel (support@depophelp.zendesk.com).
I've already provided personal information or opened a link
If you’ve entered any payment information, you should contact your bank/card provider immediately.
If you’ve shared your personal information with someone or clicked on a link you were sent, don’t worry. Here’s what to do next:
- Set up two-factor authentication on your account.
- Go to My Depop, then My account (also labelled Settings)
- Choose Two-factor authentication and toggle On.
- Check your account for any unauthorised updates.
- Update any passwords on websites where you use the same email address
Keep your application and devices up to date
Staying ahead with the latest updates for your apps and devices is a critical step in keeping you safe online. These updates are typically packed with essential defences against malware and security threats but also catching new features and improvements. So, when you're nudged to update, try embracing it as a vital habit for maintaining your cyber hygiene as applying these updates is one of the most important things you can do to keep yourself safe online.
To get you started, we’ve included links to popular devices.
- Update your iPhone, iPad or iPod touch
- Update your Mac computer
- Update your Windows 10 or Windows 11 laptop/PC
- Update your Android device (Samsung, Google Pixel, Huawei phones and tablets etc)
Report suspicious behaviour on your acccount
If you notice actions, listings, or communications on your Depop account that you aren’t aware of (examples listed below), it may not be secure. Please be assured that Depop is committed to doing our utmost to safeguard your data, you can help by reporting any suspicious activity.
Immediately contact Depop Support by sending a request and take the following steps:
- Select Safety, Reporting & Appeals > Report unauthorised access
- Include when you last accessed your account and how you realised it had been accessed by someone else in the comments section
- Whilst you’re waiting for a response from one of our agents, check to see if your email address has been changed within the app
- If your email has been changed, change the email back to your original email address
2FA FAQ
'I need to change the phone number on my account'
To change the phone number associated with your two-factor authentication:
- Go to My Depop, then My account
- Choose Two-factor authentication
- Tap Change my number
- You’ll need to enter the 6-digit code we send you so that we can verify it’s really you who’s trying to make the change
- Follow the instructions to change the phone number associated with your two-factor authentication
How do I get a new recovery code?
If you’ve lost your recovery code and are still logged in, you can get a new one to keep safe in case you need it to log in in the future.
To get a new recovery code:
- Go to My Depop, then My account
- Choose Two-factor authentication
- Toggle off Text message
- Follow the instructions to turn off 2FA
- Once 2FA is turned off, toggle on Text message and follow the instructions to turn 2FA back on and get your new recovery code.
How do I turn off two-factor authentication?
To keep your account safe, we recommend you keep two-factor authentication turned on.
If you really want to turn it off, you’ll need to:
- Go to My Depop, then My account
- Choose Two-factor authentication
- Toggle off Text message
- You’ll need to enter the 6-digit code we send you so that we can verify it’s really you who’s trying to turn off two-factor authentication.