This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes.
As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers.
Unfortunately, a new scam is making the rounds, and it’s crucial to recognize the warning signs before you fall victim. In this post, we’ll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure.
The scam usually starts with an email/message that appears to be from Etsy’s support team, with what looks like an official invoice in PDF format attached. The PDF is hosted on etsystatic.com, which is particularly alarming given it’s a legitimate domain that Etsy uses for static content. This clever detail makes the file seem even more trustworthy, catching unsuspecting sellers offguard.
Despite this, there are still some red flags to look for:
Inside the PDF, there’s often a clickable link urging you to “confirm your identity” or “verify your account.” If you click through, you’re taken to a website that, at first glance, looks very much like an official Etsy support page.
Here’s where you need to be extra vigilant:
In the final step, the counterfeit page will prompt you to enter your credit card details, supposedly to “confirm your billing information” or “validate your seller account.”
This is an immediate red flag: Etsy never requires you to provide credit card information for identity verification outside of its standard, secure payment setup. If you provide these details, scammers can use them to make unauthorized purchases—or sell them on underground markets.
How to protect yourself from Etsy scams
Indicators of Compromise (IOCs)
Below are some known IOCs associated with this fake invoice scam. (Please note these are examples, and actual IOCs can vary over time.)
com-etsy-verify[.]cfd
etsy-car[.]switchero[.]cfd
etsy[.]1562587027[.]cfd
etsy[.]3841246[.]cfd
etsy[.]39849329[.]cfd
etsy[.]447385638[.]cfd
etsy[.]57434[.]cfd
etsy[.]5847325245[.]cfd
etsy[.]6562587027[.]cfd
etsy[.]6841246[.]cfd
etsy[.]72871[.]cfd
etsy[.]7562587027[.]cfd
etsy[.]8841246[.]cfd
etsy[.]92875[.]cfd
etsy[.]9438632572[.]cfd
etsy[.]948292[.]cfd
etsy[.]97434[.]cfd
etsy[.]984323[.]cfd
etsy[.]checkid1573[.]cfd
etsy[.]chekup-out[.]cfd
etsy[.]coinbox[.]cfd
etsy[.]fastpay[.]cfd
etsy[.]offer584732[.]cfd
etsy[.]offer62785[.]cfd
etsy[.]offer684732[.]cfd
etsy[.]paylink[.]cfd
etsy[.]paymint[.]cfd
etsy[.]paywave[.]cfd
etsy[.]requlred-verlfication[.]cfd
etsy[.]requstlon-verflcation[.]cfd
etsy[.]web-proff-point[.]cfd
verlflcation-etsy[.]cfd
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
