Gumtree Australia Support Knowledgebase - Basics - Compromised Email Accounts
Homepage-Icon-SVGs Homepage-Icon-SVGs Homepage-Icon-SVGs Homepage-Icon-SVGs Homepage-Icon-SVGs
Experiencing tech issues? Update your app to the latest version. More details: Current technical issues & troubleshooting
Be wary of requests for your email address sent in an image format. Gumtree does not use a delivery service or Gumtree Bot. We will never send communication via text or Whatsapp. Click here for more help

Compromised Email Accounts

Scammers can try to misuse a PayPal account linked to Gumtree by gaining access to the email address on the Gumtree account. They can then redirect the emails sent/received from your email account, and ‘buy’ something from another scammer. They receive the funds and the notifications from PayPal will be sent to the redirected email.

How the scam works:
  1. An email account is accessed by a weak password or successful phishing attempt 
  2. The Gumtree account under the email address is accessed by changing the Gumtree account password
  3. The Gumtree account is then changed to another email address
Protect your accounts with a strong password or passphrase

Creating a strong password is very important. Scammers can try to gain access to accounts with tactics that can bypass weak passwords, which is why we recommend our members take the following steps to keep their accounts safe:
Update your password to a passphrase
Passphrases are harder to crack than a password. An example of a passphrase might be a line from a song you like, or a sentence from your favourite book. We recommend using a passphrase for your Gumtree account, as well as any other accounts you use, such as your personal email, PayPal, Facebook and Google accounts.
For more information on creating a strong password or passphrase, please click here
Be wary of suspicious emails or texts asking for personal information and keep those passwords safe!
A phishing scam attempt is the act of sending a text or email that claims to be from a legitimate business or business function, asking you to visit a website that requests some form of personal information. It asks you to click on a link and enter your personal info into a webpage. The attacker tries to lure you by wording the message in a way to get you to react immediately.
Scammers can mask the URL or link they want you to click. To see if it’s masked, hover over the URL and look at the pop up link to see the real URL they’re trying to direct you to.

If you haven’t already, please take a moment to view our article about Suspicious Emails
Use two-factor identification

Two Factor Authentication, also known as 2FA, is a two step verification process that adds an extra layer of security to your accounts. It requires your password and, for example, a code that is sent to your phone. Using 2FA makes it much harder for scammers to gain access to accounts and steal your personal information.
For Gmail users, Google has a free tool you can use to set up two-factor identification. There are also free sites such as to set up two-factor identification for your accounts such as email, Facebook etc.

If you are unable to sign into your Gumtree account as well as your email account and have linked your PayPal to Gumtree, unlink your PayPal account by following the steps below:
  1. Log into PayPal
  2. Click ‘Settings’
  3. Select ‘Security’
  4. Click ‘Log in with PayPal’
  5. Look for ‘Gumtree’ as a seller and then click on ‘Delete’
This will prevent any misuse of your PayPal account through Gumtree.

Additionally, please contact our help desk through an alternate email address here