SECURITY ALERT – Possible Phishing Scam on Reallusion Marketplace

[SECURITY ALERT – Possible Phishing Scam on Reallusion Marketplace]

Hey fellow creators,

Just a quick heads-up in case anyone else encounters this:

Earlier today, I received a suspicious message in my Marketplace backend inbox from a user named “Support Shop”. The message claimed my account had been suspended for violating U.S. law and threatened legal action unless I verified my identity via a bank card check using a link to a non-Reallusion site.

The message looked like this (edited for safety):

“Violation Notice
Your account has been temporarily suspended due to the upload of material that violates USA law.
To avoid administrative or criminal liability (a fine of up to $3,000 or imprisonment), verify your identity through a bank card check.
[Malicious link redacted]
— Reallusion”

This is NOT from Reallusion. I confirmed that:

• My storefront was not suspended or restricted in any way.
• The message came from a user with no official profile image or verified name.
• The link was to a suspicious .world domain completely unrelated to Reallusion.

I reported it immediately via the Reallusion Support Center, and I’m currently awaiting their official response. I’ll update this post once I hear back.

What You Should Do If You See This:

• Do NOT click any link in messages like this.
• Do NOT enter payment or identity info through any third-party site.
• Take a screenshot and report the message immediately to Reallusion.
• Verify your storefront status manually by logging out and viewing it publicly.

Stay safe out there, these scams are getting bolder, and it’s important we look out for each other.

— Embody Studios

Looks like we’re kindred spirits, Embody. First the iContent, now this.

I got the same message today, and immediately contacted support. Someone has also been repeatedly trying to log into my account for some weeks now. Very strange times.

Absolutely, Adam. It does feel like we’re cut from the same cloth.

I had the same reaction, flagged it immediately and sent a support ticket, but what really got me was how quiet the rest of the space has been. Between the iContent situation and this new phishing attempt, it’s starting to feel like we’re shouting into the void. So it means a lot to see someone else in the community standing up and saying, “Hey, this isn’t okay.”

That bit about someone trying to log into your account repeatedly? That’s even more alarming. It makes me wonder if there’s a wider vulnerability Reallusion hasn’t addressed yet. I got an email about a log in attempt about a week ago. I changed my information and haven’t had any attempts since, but it makes me wonder.

I appreciate you replying. Seriously. If there’s ever a need to push a concern together, I’m in. I’ve been hounding RL about a multitude of issues for a while now, with varying degrees of success. Embody Studios isn’t just here to make content, we want to help protect the space that supports it.

Sounds like the shop got hacked and the hackers got the e-mail addresses.

[UPDATE – Reallusion Official Response Received]

Just heard back from Reallusion Support regarding the phishing message sent through the Marketplace backend. Here’s the summary:

“The message was not sent by Reallusion and is likely a phishing scam.
Reallusion does not store credit card data and will never ask for banking information through email or any other method.
Please ignore the message and do not click the link.”

While I appreciate the confirmation, I want to be transparent with the community, this response leaves some serious concerns unaddressed:

• The phishing message was sent through Reallusion’s own internal messaging system, not email. This means a malicious actor was able to impersonate Reallusion staff inside our own creator dashboard.
• There’s been no confirmation that the user (“Support Shop”) has been banned or that others were notified.
• There was no mention of safeguards being added to prevent future impersonation or misuse of the messaging system.

Several of us, including @sunlikevoid (Adam Haruna), have now confirmed receiving this same message, and some have experienced repeated login attempts on their accounts. It’s very possible that this was a targeted or wider breach attempt.

Why I Think This Matters

We’re not asking for overreactions, we’re asking for basic platform safety. The Marketplace backend should be a secure space for creators. Messages pretending to be legal threats from Reallusion staff, asking for bank verification, are not just phishing, they’re in-platform identity theft.

We deserve:

• A proper investigation and removal of malicious accounts.
• Platform-wide communication when scams happen inside the ecosystem.
• Clear security practices that protect all creators.

I’ll continue pushing this forward as needed. If anyone else received similar messages, or worse, clicked the link, please speak up or contact Reallusion Support immediately.

And again, thank you @sunlikevoid for standing up with me on this. We’ve got to have each other’s backs, especially when the silence gets loud on RL’s side.

— Joseph | Embody Studios

Sorry to hear you have received a phishing scam attempt through our messaging service.

Rest assured if you have already reported this to Customer Support then it will be investigated and the perpetrator will be banned.

I got that message too, but I don’t think you can call it this way. Anybody can send us a message “through creator dashboard” via “write private message to artist” on “Product Q&A” of our products. These messages will appear in Dashboard. And I think this method was used… Should we remove that option for customers to contact developers? I don’t think so… As scam is raising everywhere, we just have to be cautious I guess…

Hey man, i have fat fingers. I need a delete message option just in case i click the link by mistake.

Yeah, having no option at all to delete messages in dashboard is quite unusual.
So I second for a delete message button!

I appreciate you chiming in, and you’re right, it likely was sent via the public-facing “Write Private Message to Artist” option on the product Q&A page. That’s an important clarification and thanks for bringing it up, as I was able to find out that the message was sent via one of my product pages.

That said, I still believe this points to a real vulnerability in the way Reallusion allows direct user-to-creator communication without any verification or message flagging system. When an unknown user can send a message with official-sounding language, claim to be staff, and add unfiltered links to a phishing site, all within the dashboard interface, that’s an ecosystem risk. Some of us have the common sense to notice the lack of a profile image, and have experience with phishing tactics to know to report it immediately.

I don’t think removing the messaging option is the answer either. But features like:

• Verified tags for official Reallusion accounts,
• Keyword detection (e.g., “requesting bank card information,” “legal violation”),
• Or even a simple “Report Message” button

…could go a long way to protect creators without removing community access.

Caution is good, but platforms need to meet us halfway. If creators are left to fend for themselves against impersonation inside the platform, trust erodes fast, and less vigilant creators are put at risk.

Really glad you added to the conversation, and that you caught the message too. If more of us share what we’re seeing, maybe we can get ahead of it together.

I do hope the perpetrating user accounts are flagged promptly, but beyond that, I’d encourage the team to consider small but meaningful safeguards for the messaging system (e.g., report buttons, verified tags, impersonation keyword detection).

As more creators begin to depend on the platform for income sources, these protective layers become less “nice to have” and more essential.

I’m glad this was taken seriously. Thanks again for taking the time to stop by and give us an update.