Fake Bumble Account-Security Email and Login Phishing
Phishing emails impersonating Bumble warn of account suspension or security issues, directing users to fake login pages that capture credentials for account takeover.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
Bumble accounts contain match history, conversation content, linked social profiles, and phone number verification — information that scammers can exploit for harassment, identity building, or resale. Credential-theft campaigns targeting Bumble users use fake account-security alerts to pressure recipients into 'securing' their account through a phishing link.
The fake alerts use Bumble's yellow branding and mimic the app's notification style. They claim the account has been flagged for an unspecified policy violation, that a new device sign-in was detected, or that the account will be permanently deleted unless verified.
Bumble's genuine security notifications are delivered through the Bumble app's notification system or by email from @bumble.com. Account-security processes are handled within the app, not via external links requesting credentials.
How this scam works on the Bumble brand
The phishing email arrives from a domain that resembles bumble.com but uses slight variations. It creates urgency — 'Your Bumble account will be suspended in 24 hours unless you verify your identity' — and includes a 'Verify Now' button linking to a fake Bumble sign-in page.
After credentials are entered, the attacker changes the account's linked phone number and email, locking the real owner out. They may then use the account to send scam messages to the victim's existing matches, run romance scam conversations, or harvest personal information from open chats.
Some variants target Bumble Business or Bumble BFF users specifically, claiming a different type of policy review to broaden the audience of plausible targets.
Common red flags
- Account-suspension email from a sender that is not @bumble.com
- A 'Verify Now' link leading to a domain that is not bumble.com
- No corresponding security notice in the Bumble app when you open it directly
- Unusual urgency: account deleted in 24 hours
- The email addresses you by email address rather than your Bumble display name
How to protect yourself
- Open the Bumble app directly to check your account status — do not use links in security emails
- If no issue appears in the app, the email is fake — mark it as phishing and delete it
- Enable two-factor authentication on your Bumble account under Settings > Security
- If your account was taken over, contact Bumble support at support.bumble.com immediately
How to report it
- Report phishing emails to Bumble at support.bumble.com
- Report to the FTC at reportfraud.ftc.gov
- If your account was accessed and used to contact your matches, they should be notified so they do not engage with the attacker
Frequently asked questions
How do I tell if a Bumble security email is genuine?
Check the sender's full email address — it must end in @bumble.com. Then open the Bumble app directly. If your account has a real issue, a notification or message will appear there. If the app looks normal, the email is phishing.
My Bumble account sent messages to my matches that I did not send. What happened?
Your account was likely compromised. Contact Bumble support immediately at support.bumble.com to regain access. Also inform your matches that the messages did not come from you so they are not deceived or harmed.