Scammers are often successful by getting their victims to voluntarily hand over their personal and financial information to them by tricking them rather than having to hack into the victims' accounts. A favorite target these days appears to be Etsy sellers, who are inundating industry boards with questions about the legitimacy of notifications made to look like they're coming from the company.
The fake notifications are convincing, informing sellers they must take action or else they won't receive any new orders or will stop receiving payments. A few excerpts of phishing notifications we've seen reported by Etsy sellers in industry boards include the following:
- "Hello, your shop is temporarily unable to accept new orders. To restore the shop and see new orders in your profile, please write your e-Mail address in the chat. You will be sent a notification where you can complete a simple verification."
- "Due to an update to our payment system and global security update, order processing for your account is currently suspended! You will need to identify your store. As soon as this is done, it will be back up and running normally. Please fill out this form to verify your store."
- "Your item has been paid for by the buyer, but an error occurred while processing the order, and the order cannot be displayed in your personal account, this is due to the update of the payment system on Etsy, please enter your email in this chat to get a customized form for confirming your store."
It appears some scammers use Etsy's messaging system to send a member-to-member message and use Etsy's logo as their icon to make it look like it is coming from an Etsy representative.
An Etsy spokesperson told EcommerceBytes, "At Etsy, we're dedicated to keeping our sellers and the Etsy marketplace safe," and included a
link to an August post it had published containing a few simple steps sellers could take to protect themselves and their businesses when it comes to account security.
"Additionally," the spokesperson said, "we recently introduced a new "From Etsy" section in Messages to make it easier for sellers to identify when they're receiving an official communication from Etsy or someone on the Etsy team," sharing a
link to an October post on the Etsy Announcement board.
In the post, Etsy acknowledged it had "recently seen increased reports from sellers who've received communications from individuals claiming to be Etsy employees."
A pop-up in Etsy Messages now reminds buyers and sellers: "There's a new section for messages from Etsy! Official messages that Etsy sends will show up in the "From Etsy" section. If you get a message that's not in this section from someone claiming to be Etsy, make sure to look for an authentic Etsy badge or "Etsy Staff" label before responding."
What if it's too late and a seller thinks they may have fallen for a phishing scam? The Etsy spokesperson said, "If a seller is worried that their account may have been compromised, they can contact the Etsy Support team and find answers to frequently asked questions using the Etsy Help Center."
Scammers aren't just targeting Etsy sellers, of course. For example, here's a scam message that targets business owners on Facebook made to look like it's coming from Facebook:
Important Notification:
Your Facebook page will be permanently deleted due to a post that infringes our trademark rights. We have made this decision after careful consideration and in compliance with our intellectual property protection policies.
If you believe this is a misunderstanding, please submit a complaint requesting the restoration of this page before it is removed from Facebook.
Request for Review: (URL redacted)
We understand that this may impact your current business objectives. If we do not receive a complaint from you, this will be our final decision.
Thank You,
This is a message from a temporary support agent with support id (redacted), please visit the link above and follow the instructions.
(C) Noreply Facebook. Meta Platforms, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 94025
For decades EcommerceBytes has advised readers, never click on a link in an email. That also applies to links in text messages - and in the messaging systems of online marketplaces as well.
The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Are Etsy Sellers Easy Marks for Scammers?
by: Rexford 
by: iheartjacksparrow