TAMPA, Fla. (WFLA) — A seemingly harmless request from internet buyers can lead to complications that are harmful to your personal data and accounts, cybercrime experts said.

The Federal Trade Commission (FTC) has warned for months against falling for the verification code hustle that involves the purported buyers sending you a social media request to verify your ad is not fake.

The targets are sometimes previously victimized, according to USF cybercrime expert Thomas Hyslip, who said key information is easily available.

“Especially on the dark web, millions of accounts that they’ve posted that have been compromised. That’s where you start,” Hyslip said. “You know their names. You then search for them online, find an ad they posted and you’re off to the races.”

(AP Photo/Jenny Kane)

One recent case reveals how a Bay area man selling a bedroom set was snared by a suspect’s simple request.

“I’m very interested in your furniture,” the buyer wrote in the message. “I’ll pay cash.”

“Great,” the seller responded, prompting this response.

“I want to make sure this isn’t a fake ad. Can I send a verification code? To make sure this is a real ad?”

The seller paused before writing, “I guess.”

The victim fell for it twice with the same supposed buyer, potentially giving up control of two cell phone numbers. And in this case, the seller had firsthand knowledge of schemes like this one but took the bait anyway.

In fact, that seller, that victim, is this reporter.

(File: Getty)

Cybercrime experts said with control of a phone the suspect can hide behind your name while committing crimes with your number.

They can also access your personal information, take over accounts, and open new accounts in your name.

In many cases, the target has no idea their accounts and identity are in peril, according to the FTC’s Alvaro Puig.

“You believe the story that they told you. That they just wanted to verify your identity because they want to reply to an ad,” Puig said. “It’s reasonable to assume maybe there’s underreporting.”

Puig said that is why the FTC releases alerts about how the scheme works and how to avoid it.

In this reporter’s case, the phone numbers were retrieved and protected on a website recommended by the FTC.

According to experts, the verification code ploy grew out of previous deceptions involving stolen log-ins.

Hyslip said criminals will continue to evolve even as technology designed to protect us improves.

“It’s a tough one because as we make changes just like everything else,” Hyslip said. “They’re going to react and try to overcome it.”