This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes.
As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers.
Unfortunately, a new scam is making the rounds, and it’s crucial to recognize the warning signs before you fall victim. In this post, we’ll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure.
The scam usually starts with an email or message that appears to be from Etsy’s support team, with what looks like an official invoice in PDF format attached. The PDF is hosted on etsystatic.com, which is particularly alarming given it’s a legitimate domain that Etsy uses for static content. This clever detail makes the file seem even more trustworthy, catching unsuspecting sellers off guard.
Despite this, there are still some red flags to look for:
- The email uses language like “Dear Seller” or “Hello Etsy Member”, instead of addressing you by your Etsy shop name or username
- The sender’s email address doesn’t end in @etsy.com, or has suspicious variations (extra numbers or letters)
- Phrases like “immediate action required” or “your account will be closed” that rush you into clicking. This is a common scare tactic.
Inside the PDF, there’s often a clickable link urging you to “confirm your identity” or “verify your account.” If you click through, you’re taken to a website that, at first glance, looks very much like an official Etsy support page.
![](https://www.malwarebytes.com/wp-content/uploads/sites/2/2025/02/image.png)
Here’s where you need to be extra vigilant:
- The web address might look similar to etsy.com but could include extra words, missing letters, or unusual extensions (e.g., verlflcation-etsy[.]cfd).
- The site may ask for more information than Etsy would normally request for verification – like your full name, address, and even your credit card details.
- Real Etsy pages usually have fully working navigation and other standard features. Scam sites often have broken or non-functioning links.
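The address check from the list above can be automated for links pulled out of an email or PDF. This is an added example, not code from the original article: the official-domain list comes from this article, and every sample URL except verlflcation-etsy[.]cfd is constructed.

```python
from urllib.parse import urlsplit

# Domains this article names as genuinely Etsy's (etsystatic.com serves static content).
OFFICIAL = ("etsy.com", "etsystatic.com")
BRAND = "etsy"

def refang(text):
    """Undo the [.] / hxxp defanging used in threat reports."""
    return text.strip().replace("[.]", ".").replace("hxxp", "http")

def classify(url):
    """Return 'official', 'lookalike', 'other' or 'invalid' for one link."""
    url = refang(url)
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    try:
        parts = urlsplit(url)
    except ValueError:
        return "invalid"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    # Exact match or a true subdomain; a suffix test without the dot would accept "notetsy.com".
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Brand name anywhere else in the network location, including the
    # user-info part before "@", means the link only imitates Etsy.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "other"

# Constructed sample links, apart from the domain quoted in the article.
SAMPLES = [
    "https://www.etsy.com/your/shops/me",
    "https://i.etsystatic.com/constructed/invoice.pdf",
    "verlflcation-etsy[.]cfd",
    "hxxps://etsy[.]com[.]billing-check[.]example/login",
    "https://etsy.com@billing-check.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

An "official" verdict only describes the host: as this scam shows, a file served from etsystatic.com can still carry a link to a lookalike site, so links inside the PDF need the same check.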
In the final step, the counterfeit page will prompt you to enter your credit card details, supposedly to “confirm your billing information” or “validate your seller account.”
This is an immediate red flag: Etsy never requires you to provide credit card information for identity verification outside of its standard, secure payment setup. If you provide these details, scammers can use them to make unauthorized purchases—or sell them on underground markets.
How to protect yourself from Etsy scams
- Check the “From” field in emails to make sure it comes from a legitimate Etsy address.
- Rather than clicking the links inside the email, open a new browser window, go directly to etsy.com, and navigate from there.
- Question any urgent or unusual requests: Legitimate platforms do not ask for full credit card information for verification via a PDF link or email.
- Use Malwarebytes Browser Guard to protect you from malicious websites, card skimmers, ads, and more. Browser Guard already blocks the domains in this article.
- If something feels off, reach out to Etsy’s official support directly. They can confirm whether any invoice or verification request is real. This won’t protect your credit card data if you hand it over, but it does help secure your Etsy account from unauthorized logins.
Indicators of Compromise (IOCs)
Below are some known IOCs associated with this fake invoice scam. (Please note these are examples, and actual IOCs can vary over time.)