Why something as innocent as giving your ID in Wallapop and on the Internet can cost you a hell of months of complaints and trials

You have one or more items for sale on Wallapop or similar platforms. A user writes you interested in what you sell, but putting conditions on you. “I’m going to pick it up in an hour, but first I need a photo of your ID on both sides, with no hidden data. Yes no, I do not trust, and I do not buy it“.

This is the situation in which the relative of a server was seen, and the same can happen if you are the one who buys. Without really knowing why, He sent the photo they asked for his ID, and just after sending it, the sale was thwarted, despite collaborating and delivering the data they requested and having good ratings in Wallapop.

All the types of scams that you find in Wallapop and other sites of sale between individuals

Behind these “innocent” requests are plots that can make that if we hand over our data we end up in a judicial hell (and more things, even if they are less serious) throughout Spain. Let’s see how it works.

Impersonation for various purposes, always malicious

These DNIs are requested for various reasons. The first of them is, on many occasions, the same one for which we have believed that it was a legitimate request. That is, some users when they go to buy (or sell) something they ask for it to make sure that behind an attractive sale there is a person who really wants to sell and not a scammer.

In this way, scammers need to get hold of identity documents to hand over to Wallapop scam victims upon request, as proof that they are legal persons and have no problem offering their documentation as a symbol of good faith in the sale.

The example would be: Pepito is a scammer who has an iPhone 12 for sale, for which he asks for 800 euros. Juanito really wants to buy it, but he asks Pepito for proof that it is legit, such as a DNI, because it is the first sale of Pepito’s profile (typical in scams) and he is not sure. At that moment, Pepito sends Juanito a fraudulently obtained ID, in which he says his name is Pepito and his town.


Many requests for documentation start like this: you sell something and they ask for photos of the mobile phone, and of the invoice. Later, when they give you to understand that they trust you, they ask for your ID. And your photos, your invoice and your ID can be used to deceive other people, “selling” the same thing that you had for sale without ever sending it.

When he is scammed, because he will buy the iPhone 12 and lose 800 euros, Juanito will not only denounce that an unknown person has stolen that amount. What he will do will be report the person who appears on the ID that they have sent, unless you have thought that the scammer has nothing to do with the person who appears in that document, who is basically another victim, of identity theft.

If Pepito does the same scam to many people like Juanito with the same ID, the mess is served. Dozens of people throughout the Spanish geography can report an innocent person, the holder of the same DNI impersonated, which is just a person who naively sent you to legitimately sell something on Wallapop.

This is the case that is told in La Voz de Cádiz about Manuel, who received messages from up to 128 people claiming that he had scammed them. It all started with a 200 euro scam for an iPhone 7 that was never sent to him, but it ended much worse, with citations in multiple trials.

We are talking about dozens of scams for large sums of money. But there are more serious cases. Recently, in Seville, an engineer has denounced that her ID was used to open bank accounts to commit fraud in her name. In fact, he was reporting at a police station where he learned that he was in search and capture. According to the news, there may be many scams worth thousands of euros in your name.

Another area where stolen DNIs are sold is in gambling. It is common for bookmakers to close an account and not allow you to open another with your name. To do this, they resort to buying stolen identities on platforms such as Milanuncios, as we already have in Engadget. There is not as much risk as in previous cases, but it is just as serious.

It is advisable not to give your ID as much as possible: then there is not much we can do


Some readers who believe they have been victims of a scam of this type, in the sense of having given their ID to give confidence to the buyer or seller, like my family member, may be wondering what to do once you are aware that your document can be used to open bank accounts and mislead many other people, all in your name.

The truth is that very little can be done a posteriori. We have discussed this issue with Samuel Parra, an expert lawyer in privacy and data protection at ePrivacidad.es and EGIDA.es. Parra tells us that he does not see a “pre-notice scenario” that we are commenting on “viable or could prosper,” which consists of notifying the Police if we believe we have been victims of a theft of sensitive data such as DNI, even though we have provided it.

The reasons given are that, “in the first place, many complaints do not go through the Police, they go directly to the court” and “on the other hand, Neither can the Police act preventively against possible fraud nor can they monitor all complaints. If the DNI has fallen into the wrong hands, it is difficult to establish a preventive defense, especially when even fraud or fraud can be carried out in institutions in other countries “.


Thus, what this lawyer recommends is “not to be so happy when providing a copy of our ID for the simple fact that they ask for it”. Parra believes that part of the solution is to educate the citizen, and in this sense he tells us about his method to facilitate the DNI when there is no other choice:

“What I do is have a version prepared in black and white, with a watermark that runs through the entire DNI that says who is asking me for it and what is it asking me for”.

In the case of companies that request the DNI very easily, toput because we explain why we do not want to give it to them and why we consider it unnecessary. The theory of data protection regulations, he tells us, “establishes a principle of data minimization, that is, that companies and institutions can only ask us for the essential and necessary data for the corresponding provision”. The problem is that “in practice it is not usually respected”.

Leave a Comment