
Emails with fake invoices are using a legitimate Etsy domain, making it more difficult to detect scams.
Scammers are targeting small businesses by impersonating the e-commerce company Etsy and using counterfeit details to deceive sellers. According to research from Malwarebytes, sellers receive emails containing fake invoices that mimic Etsy, attempting to steal their credit card details.
The scam usually starts with an email that appears to be from Etsy’s support team. Inside the email, there’s a fake invoice in PDF format.
In a particularly alarming twist, as noted by Malwarebytes, the PDF is hosted on etsystatic.com, a legitimate domain that Etsy uses for static content.
However, several red flags may reveal a scam. The email typically says “Dear Seller” or “Hello Etsy Member” instead of addressing a user with an Etsy shop name or username.
In addition, the sender’s email address isn’t @etsy.com and may include numbers. Phrases like “immediate action required” or “your account will be Closed” may be used to generate urgency.
If these warning signs are missed, a few more red flags can be seen after users are directed to a website imitating Etsy’s. The link to the website is included in the PDF document urging users to “confirm your identity” or “verify your account.”
Additional symbols in the fake Etsy domain name may be used. The site may not be fully functional and may ask for additional information, including name and address.
In the final step, the counterfeit page will prompt a user to enter credit card details, supposedly to “confirm your billing information” or “validate your seller account.”
If you’ve received suspicious messages from Etsy or other platforms, you’re advised to pay attention to recipient and domain names, not enter your credit card details, and contact official support if necessary.
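The warning signs listed above can be turned into a simple triage check for reported messages. The sketch below is an added example, not code from Malwarebytes or Etsy; the flag names, the sample message and the `.example` hosts are constructed, and it assumes the PDF's text and links have already been extracted upstream.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Phrases quoted in the article, lower-cased for matching.
GENERIC_GREETINGS = ("dear seller", "hello etsy member")
URGENCY = ("immediate action required", "your account will be closed")
LURES = ("confirm your identity", "verify your account",
         "confirm your billing information", "validate your seller account")

def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def red_flags(from_header, text, links):
    """Return the article's warning signs found in one message.

    text  = email body plus text extracted from the PDF (assumed input)
    links = URLs found in the email and in the PDF (assumed input)
    """
    flags = []
    addr = parseaddr(from_header)[1].lower()
    if not _under(addr.rpartition("@")[2], "etsy.com"):
        flags.append("sender-not-etsy")
    if re.search(r"\d", addr):
        flags.append("digits-in-sender")
    low = text.lower()
    if any(g in low for g in GENERIC_GREETINGS):
        flags.append("generic-greeting")
    if any(u in low for u in URGENCY):
        flags.append("urgency")
    if any(p in low for p in LURES):
        flags.append("verification-lure")
    for url in links:
        host = (urlparse(url).hostname or "").lower()
        # etsystatic.com is a real Etsy host, but it served the fake invoice:
        # it is skipped here and never counted as proof of legitimacy.
        if _under(host, "etsy.com") or _under(host, "etsystatic.com"):
            continue
        if "etsy" in host:
            flags.append("lookalike-domain:" + host)
    return flags

# Constructed sample message, not a real one.
SAMPLE = red_flags(
    "Etsy Support <support4821@billing-notice.example>",
    "Dear Seller, immediate action required. Verify your account.",
    ["https://etsystatic.com/constructed-invoice.pdf",
     "https://etsy-seller-verify.example/login"],
)
```

An empty list only means none of these specific signs matched; it does not mark a message as safe.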