Fake Etsy invoices have the capability of tricking people

This particular scam is one that I would not blame people for falling for.

It uses similar etsy domains including one that Etsy uses themselves.

May I make something clear? I am not a member of the site, so I do not know how it works, although it may be similar to Paypal and other companies to where they greet you by name or company name.

According to the article,

The scam usually starts with an email/message that appears to be from Etsy’s support team, with what looks like an official invoice in PDF format attached. The PDF is hosted on etsystatic.com, which is particularly alarming given it’s a legitimate domain that Etsy uses for static content. This clever detail makes the file seem even more trustworthy, catching unsuspecting sellers offguard.

The email has signs that there it could be a problem.

• The email uses language like “Dear Seller” or “Hello Etsy Member”, instead of addressing you by your Etsy shop name or username
• The sender’s email address doesn’t end in @etsy.com, or has suspicious variations (extra numbers or letters)
• Phrases like “immediate action required” or “your account will be closed” that rush you into clicking. This is a common scare tactic.

The article does state that the PDF could contain a link to verify your identity. Etsy, Paypal, Target, Walmart and other places have steps in place to verify who you are. Please make sure that you follow those and not an email you get out of the blue.

Here are some pointers to look for and that you need to check.

• The web address might look similar to etsy.com but could include extra words, missing letters, or unusual extensions (e.g., verlflcation-etsy[.]cfd).
• The site may ask for more information than Etsy would normally request for verification – like your full name, address, and even your credit card details.
• Real Etsy pages usually have fully working navigation and other standard features. Scam sites often have broken or non-functioning links.

I think I’ve seen the last item in a page that said it was apple as I was curious. The page I think lead to apple specific pages, but that was many years ago. That’s why its good to check where you’re going.

If you know the Etsy page’s web site directly, go there.

Etsy, as well as other sites don’t use credit cards for standard verification. If they do, its usually said so like for age verification and a pending charge for a buck that will never post.

Here is what to look for:

• Check the “From” field in emails to make sure it comes from a legitimate Etsy address.
• Rather than click on the links inside the email, open a new browser and go directly to etsy.com instead and navigate there
• Question any urgent or unusual requests: Legitimate platforms do not ask for full credit card information for verification via a PDF link or email.
• Use Malwarebytes Browser Guard to protect you from malicious websites, card skimmers, ads, and more. Browser Guard already blocks the domains in this article.
• If something feels off, reach out to Etsy’s official support directly. They can confirm whether any invoice or verification request is real. This won’t protect your credit card data if you hand it over, but it does help secure your Etsy account from unauthorized logins.

Here are some known Indicators of Compromise web pages that could be out to get you. Remember to check that domain.

The TLD may be new to some people, but I’ve seen spam coming from this TLD. Before looking at the list nbelow, can you name the TLD?

• com-etsy-verify[.]cfd
• etsy-car[.]switchero[.]cfd
• etsy[.]1562587027[.]cfd
• etsy[.]3841246[.]cfd
• etsy[.]39849329[.]cfd
• etsy[.]447385638[.]cfd
• etsy[.]57434[.]cfd
• etsy[.]5847325245[.]cfd
• etsy[.]6562587027[.]cfd
• etsy[.]6841246[.]cfd
• etsy[.]72871[.]cfd
• etsy[.]7562587027[.]cfd
• etsy[.]8841246[.]cfd
• etsy[.]92875[.]cfd
• etsy[.]9438632572[.]cfd
• etsy[.]948292[.]cfd
• etsy[.]97434[.]cfd
• etsy[.]984323[.]cfd
• etsy[.]checkid1573[.]cfd
• etsy[.]chekup-out[.]cfd
• etsy[.]coinbox[.]cfd
• etsy[.]fastpay[.]cfd
• etsy[.]offer584732[.]cfd
• etsy[.]offer62785[.]cfd
• etsy[.]offer684732[.]cfd
• etsy[.]paylink[.

]cfd

• etsy[.]paymint[.]cfd
• etsy[.]paywave[.]cfd
• etsy[.]requlred-verlfication[.]cfd
• etsy[.]requstlon-verflcation[.]cfd
• etsy[.]web-proff-point[.]cfd
• verlflcation-etsy[.]cfd

If you guessed .cfd, you’re right. Watch Out for fake Adobe apps for PC from 2022 talks about this TLD in an Adobe related article.

One of the more popular domains we’ve used is .xyz as examples, but then again, they have been used. This … is going to get very interesting.

Be aware. Be alert. Stay safe. Check those links.

Fake Etsy invoice scam tricks sellers into sharing credit card information  is the complete article thanks to the Malwarebytes newsletter.

Thanks for reading!