Why everyone's suddenly asking this
We get this question constantly: is it actually safe to buy a race bib from someone online? The honest answer is that it depends entirely on how you do it — and the most common way, messaging a stranger in a Facebook running group, is also the riskiest. This isn't us talking down a competitor; it's a documented, growing problem that race organisers themselves keep warning runners about.
The pattern is simple. A popular marathon sells out, a waitlist forms, and within days fake sellers appear in Facebook groups and on Marketplace offering bibs to desperate runners. When the Toronto Waterfront Marathon sold out weeks early, organisers warned that scammers were trying to sell fake registrations ahead of race weekend. After the Detroit Free Press Marathon sold out, a runner who messaged several sellers found every one of them was a scammer using fake registration as 'proof' — one seller's name was even completely different from one day to the next.
Race directors in multiple cities have issued public warnings, and the losses are real. One newer runner looking for a sold-out-race bib gave $80 to a scammer posing as a seller, then tried again and sent $50 to a second fraudster — only stopped when her bank flagged that the seller's name didn't match the name on the email account. And those were relatively cheap races: most major Australian marathon and half-marathon entries run from around A$120 to A$300+, so a single scammed transaction here can cost a runner far more.
How the Facebook bib scam actually works
Understanding the mechanics makes the red flags obvious. The scam almost always follows the same script:
Scammers go where demand outstrips supply — a sold-out marathon with a waitlist full of runners who'll act fast and ask few questions. Some fraudsters even create fake Facebook groups made to look like a marathon's official page.
A typical approach is to send a screenshot of a QR code or a registration confirmation and request payment by e-transfer. A screenshot is trivially faked or stolen — it tells you nothing about whether the bib is real or registered to them.
Scammers want your money in a way that can't be retrieved — a wire transfer or an instant payment app — and often try to move you off-platform where the conversation can't be monitored. Once you've sent it, it's gone.
No bib, no transfer, no reply. As one runner who lost $60 put it, the seller simply vanished and never did anything. Because the payment was irreversible and off-platform, there's no recourse.
The red flags — how to spot a fake seller
If you are going to deal on social media, these are the tells that should stop you cold. Several of these come straight from runners who got burned — and from the profile quirks that give fake accounts away:
| Red flag | Why it signals a scam |
|---|---|
| Name doesn't match the profile | The display name doesn't match the person in the photos, or differs from earlier posts. In the Detroit case, a seller's name changed completely from one day to the next. A genuine seller's identity is consistent. |
| Too few — or too many — followers | A brand-new account with almost no friends, posts or history is a classic throwaway scam profile. So is a suspiciously inflated follower count with no real engagement — bought to look legitimate. Real runners have a normal, lived-in social footprint. |
| Only screenshots as "proof" | A screenshot of a confirmation or QR code proves nothing — it can be faked, edited or lifted from someone else. Real proof is the bib being transferred to your name through the official system. |
| Pressure to pay off-platform | Being steered to communicate or pay outside the platform's official channels is a hallmark of a scam, because it removes any protection or paper trail. |
| Irreversible payment demands | Requests for bank/e-transfer, Zelle, wire, crypto or gift cards. Being asked to send funds directly to someone claiming to sell a bib is itself a red flag, per race organisers. |
| Too-good price + urgency | A price well below the going rate, paired with "someone else is interested, pay now," is designed to switch off your caution. A price suspiciously below market is a standard scam signal. |
The thread running through nearly every reported case is an identity that doesn't add up — a display name that doesn't match the photos, or a seller name that doesn't match the email or registration. In one case it was the bank spotting a mismatch between the seller's name and the email account that stopped the fraud. If the identity is inconsistent, walk away.
Why Facebook is structurally risky for this
Spotting red flags helps, but the deeper issue is that Facebook was never built for selling race entries safely. The risk is baked into the structure:
- Anyone can be anyone. Profiles are trivial to fake or buy. There's no link between a Facebook account and whether that person actually holds a bib.
- No verification of the bib. Facebook can't tell you whether a registration is real or in the seller's name. You're trusting a screenshot.
- Little to no buyer protection for this. Facebook's purchase protection generally only covers payments made through its official checkout — not the private transfers scammers ask for.
- It optimises for reach, not trust. Fake groups can be made to mimic official race pages, and the open nature that makes Facebook useful is exactly what scammers exploit.
In other words, on Facebook you're a single runner trying to out-think a practised scammer in a DM. The platform isn't on your side; it's just the venue.
Why a verified marketplace is safer
The fix that experts and race organisers keep pointing to is the same one BibBuddy is built around: a platform where the bib is verified and transferred officially, rather than a cash-for-screenshot deal with a stranger. Montreal and Toronto marathon organisers specifically advised runners to use a platform where buyers can verify that a bib is genuinely registered in the seller's name. That principle is the whole point of a running-specific marketplace.
Here's how that changes the dynamic with BibBuddy:
| Stranger on Facebook | BibBuddy | |
|---|---|---|
| How accounts are created | Free, instant, anonymous — easy to fake or buy in bulk | Sign in with Apple or Google — a real, verified account |
| Who you're dealing with | Anonymous account, no running context | A running-specific community of real runners |
| How the bib moves | "Trust me" — often just a screenshot | Through the event's official transfer, into your name |
| Whose details end up on the bib | Often still the seller's — dangerous on course | Yours: your medical info and emergency contact |
| What protects you | Your own vigilance, nothing else | The structure — official transfer is the default path |
Sign in with Apple or Google — a harder door to fake
Here's a difference that does a lot of quiet work. A Facebook profile is free, instant and effectively anonymous — which is exactly why scammers spin them up by the dozen, abandon them after a sting, and make new ones. BibBuddy doesn't use email-and-password signups that anyone can churn out; you join with Sign in with Apple or Sign in with Google. That matters because both are tied to a real, established account that's far harder to fake disposably:
- Apple and Google verify their own users. Creating these accounts involves phone-number verification, fraud and abuse checks, and ongoing account-security signals — hurdles a throwaway Facebook profile simply doesn't have.
- Two-factor protection is built in. Sign in with Apple accounts require Apple's two-factor authentication, and Google accounts carry Google's own security layers. The identity behind the login has already cleared a real bar.
- No fresh password to leak or fake. You're not creating yet another password on a small site — you authenticate through providers whose entire business depends on stopping account fraud. BibBuddy never sees your password.
- Disposable accounts don't scale. The whole Facebook scam model relies on cheap, anonymous, throwaway profiles. Requiring a verified Apple or Google identity removes that cheapness — the thing scammers depend on.
No login removes all risk. But scams are a volume game, and they thrive on accounts that are free and anonymous to create. Forcing every account through Apple's or Google's verified, two-factor-protected sign-in raises the cost of every fake account — which is precisely why a verified marketplace doesn't look like a Facebook group full of day-old profiles.
The difference isn't that BibBuddy promises no one will ever try anything dodgy — no platform can. It's that the safe path (verify the runner, transfer officially, get the bib in your own name) is the built-in path, instead of something you have to fight a scammer to achieve. The structure does the work that you'd otherwise be doing alone in a Facebook DM.
Skip the Facebook roulette
BibBuddy connects real runners for bib transfers and race-weekend stays — with handovers done through the event's official transfer process, so the bib ends up in your name. No fake accounts, no screenshot "proof," no irreversible payments to strangers.
Browse BibBuddy →Free to use · Built by runners, for runners
The safe-buying checklist
Wherever you end up buying, run through this every time:
- Verify the identity. Consistent name, real running history, a profile that adds up. Mismatches = stop.
- Insist on the official transfer. The only real proof is the entry being re-registered in your name through the event's system, before its deadline. Never accept "just run under my name."
- Never pay by irreversible methods to someone unverified. No e-transfer, wire, Zelle, crypto or gift cards to a stranger. Keep it traceable.
- Don't let urgency rush you. "Pay now or lose it" is a tactic. A real seller can wait for an official transfer.
- Keep it on-platform. Refuse pressure to move off to a private channel where there's no record.
For the full step-by-step on doing a transfer correctly, see our safe bib transfer guide, and if you're chasing a sold-out place, our guide on finding a race bib last minute covers the legitimate routes in.
Frequently asked questions
Is it actually illegal to buy a bib on Facebook?
Buying a bib isn't itself illegal, but two things make it risky: many events prohibit unofficial transfers (running under someone else's number is against the rules and can get both runners disqualified), and the transaction itself is a prime target for fraud. The problem with Facebook specifically isn't legality — it's that there's no verification that the seller holds a real bib, and no protection when a private payment goes to a scammer. The safe and rules-compliant approach is always an official transfer into your own name.
A seller sent me a screenshot of their registration. Isn't that proof?
No. A screenshot proves nothing — it can be edited, recycled, or lifted from someone else's confirmation, and scammers use them precisely because they look convincing. Real proof is the bib being transferred to your name through the event's official system. If a seller's only evidence is an image and they want payment before any official transfer, treat that as a red flag rather than reassurance. The genuine sellers are the ones happy to go through the official process.
What if I've already paid a scammer?
Act fast. Contact your bank or payment provider immediately — if the payment was recent, some transfers can occasionally be stopped or disputed, especially if there's a name mismatch (which is how at least one runner's bank caught a fraud in progress). Report the account to the platform and to the race organiser, who may be tracking the scam. Realistically, irreversible payments to a stranger are hard to recover, which is exactly why the advice is to never use them in the first place — and why a verified, transfer-based marketplace exists.
Does BibBuddy guarantee I'll never be scammed?
No honest platform can promise that. What BibBuddy does is remove the conditions scammers rely on: it connects real runners rather than anonymous accounts, and it's built around official transfers so the bib ends up registered in your name rather than resting on a screenshot and a promise. That structural difference is what makes it safer than a Facebook DM — the safe path is the default path, not something you have to enforce alone against someone working to deceive you.
Why do scams spike when a race sells out?
Because scarcity creates urgency, and urgency lowers people's guard. Once a marathon sells out and a waitlist forms, there's a pool of runners desperate enough to act quickly and skip the usual checks — ideal targets. Organisers have noted that sell-outs are exactly when fake-bib accounts proliferate on social media. The irony is that legitimate spare places genuinely do exist (runners get injured, plans change), so the demand is real — which is all the more reason to meet it through a verified, official-transfer route rather than a risky DM.
Why is signing in with Apple or Google safer than a Facebook account?
Because those accounts are far harder to fake disposably. A Facebook profile is free, instant and effectively anonymous, which is exactly why scammers create them in bulk, use them for a sting, and throw them away. Sign in with Apple and Sign in with Google are tied to real, established accounts — created with phone verification and fraud checks, protected by built-in two-factor authentication, with the password handled by the provider rather than a small website. BibBuddy uses Apple and Google sign-in instead of throwaway email-and-password signups, which raises the cost of creating every fake account and strips away the cheap anonymity the Facebook scam model depends on. It doesn't make fraud impossible, but it makes the volume game scammers play far harder to run.
Real runners. Real bibs. Official transfers.
BibBuddy is the free community marketplace built so the safe way to get a bib is the easy way. Find a verified runner with a place to pass on — or list yours — without the Facebook scam risk.
Browse BibBuddy →Free · Built by runners, for runners