Is Etsy Safe from Cyber Criminals?
More importantly, is Etsy doing enough to protect it's users from cyber criminals? From what I'm witnessing in 2022, the answer to that is a resounding no.
Over roughly the past two years organized groups of scammers have prolifically setup shop on Etsy. We've seen an increase of all users on the site, so this isn't surprising. Some of it Etsy is dealing with appropriately, and some of it they are either ignoring or taking a rather lax approach.
While there are quite a few scams, cons and crimes taking place on the Etsy marketplace every day (as there are all across the web), I've been closely following one particular issue for a few months now, one that I know Etsy knows about and yet appears to be blatantly allowing to prosper.
Here's the situation:
An organized group, likely spearheaded by a single organising individual, probably being run out of Asia or North Africa, are setting up new Etsy shops by the hundreds (thousands?) per week. These shops "sell" bundles of digital graphics made up entirely of trademarked and stolen copyright material. All of these shops have notifications all over their listings not to buy the item on Etsy, but to visit an independent website to make the purchase instead. And customers are incentivized to do so with seemingly huge discounts.
I've personally found approx 30-35 such independent websites being advertised on Etsy via these shops.
All of these websites look to match up in registration details and all of them contain false contact info to make them look like bonafide american owned businesses. But if you dig deeper, this falls apart quite quickly.
Aside from the blatant Etsy fee avoidance policy violation there is also an element of data theft and hacking going on with this group, both on and off of Etsy.
Not all the shops used by this group however are 'new' Etsy shops. Some of the shops have been hacked into and are pre-existing but currently inactive Etsy shops opened by well-intentioned sellers. Which raises a whole other set of questions, namely, how?
Etsy recently sent out an email reminding sellers to keep their accounts safe and provided a list of helpful tips on how to do so. But is this actually enough? Is Etsy doing everything possible to keep the site secure? Personally I don't think so. I think they could, and should be, doing a LOT more than they are.
Further to this is that all the customers being funneled off of Etsy to these independent websites are probably having their data harvested during checkout. I say probably, because I don't have hard proof for certain...
But this is a group of individuals who are clearly working in an organized fashion with each other, who have no problem violating Etsy's policies, no qualms about selling content they don't have a legal right to, and are presenting false information about who they are on these websites. I'd say chances are pretty good that they would also steal customer data for other nefarious activities. Even possibly as a way to get into their customer's Etsy accounts. All they need is a matching email and password.
So what is Etsy doing about all these shops violating their fee avoidance policy? And we're talking about thousands of accounts here, it's not some small little issue. Well, they are actually removing a lot of these shops. But for some reason the crooks are able to create more accounts than Etsy is able to remove with a manual reporting and investigation system.
I monitored the situation quite closely for two full months and in a six week period I reported and saw removed just over 1,100 shops. Another 150 shops that I have reported however still remain open today.
Two months on and there are just as many of these shops in existence as there was when I started looking at this, possibly more. No matter how many of these shops Etsy closes down, the same number or more are opened up immediately.
On the surface you might be inclined to think, well, Etsy has an impossible job then. If they can't keep up with it then it's a losing battle. But is it?
I have to wonder why Etsy hasn't deployed a bot to instantly remove these shops. It would be entirely possible to do, they all use roughly the same worded listings. They all have very clear identifiers to immediately separate them from legitimate shops. And why do some of the shops remain open even when they've been reported multiple times?
I have a few theories on both points but it all seemingly comes back to revenue. Sure, maybe Etsy really is just this inept. But, it just so happens that these cyber criminals are paying for advertising on all the shops they open. That's thousands of listings bringing in ad revenue on what appears to be very popular content.
Is that a coincidence or an incentive to look the other way?
If you haven't seen what this looks like, here is a screenshot on the type of listing I'm referring to:
I think we need to start asking some hard questions about how Etsy is working to protect its users both while on the platform and where and how they are directed off the site. But we also need to take a serious look at what Etsy is willing to allow on the site for the sake of a few dollars and to hold them accountable in areas where they are clearly failing.
This type of listing has no business being on
the site in the first place, but to allow it and thousands of others
like it to remain, to proliferate and prosper, is utterly outrageous.