Back in late 2022 I wrote a post about a particular con that was
proliferating on Etsy that had to do with scammers diverting customers
away from Etsy to their own fake websites for the suspected intent of
harvesting customer data while under the guise of selling copyright and
trademarked digital graphics.
Thankfully, Etsy seems to have finally managed to get this particular ruse more or less under control.
Unfortunately,
Etsy accounts continued to be taken over by 'hackers'. Most of the
affected accounts are shops that aren't currently active allowing for
the hackers to get up to mischief using the account without the original
shop owner noticing for quite some time.
This particular problem has been going on for a few years but ramped up more significantly in 2022-2023.
Etsy
is finally taking some action to protect the platform and sellers from
this by setting a time-frame for closing inactive shop accounts. But
only for shops that have been inactive for 4+ years - and by inactive
they are referring to whether the account has been logged into or not.
Personally I think they should be a bit more robust with this given that
cyber crimes are rising exponentially.
My advice for
anyone who has paused their Etsy shop for any length of time would be to
keep a close eye on it. And everyone should ensure that they are using
strong passwords as well as the two factor authentication option.
Because Etsy has been a security risk of late I've made sure to use a
unique password for my account, one that is not used anywhere else. (a
lot of 'hacked' shops were likely accessed through stolen data via scams
such as that mentioned above)
If you've been paying
any attention at all you're probably also aware of the mass
proliferation of scam messages being sent through Etsy's internal convo
system. Because this internal messaging system is not setup with the
same robust programming as actual email it was a very soft target that
has had a huge impact on unsuspecting sellers.
Scammers
are still targeting new seller accounts pretending to be Etsy asking
for account verifcation. I'm not going to go into all the details of
each version this has propagated as there are just too many. You can
find very specific details in the Etsy forum simply by searching for the
word 'scam'. How this generally works though is that the scammer,
pretending to be Etsy, scares the brand new shop owner into thinking
there is a problem or that they need to take a particular action to keep
their account open. They direct the seller off of Etsy through cleverly
cloaked pages and one way or another convince the seller to willingly
hand over money on the basis of a verification process.
So
many people have come forward admitting to be caught out by this and
being taken for hundreds of dollars. It's both sad and scary. A terrible
lesson to learn the hard way and probably devastating for those
affected.
Etsy has been taking measures to slow the
scammers down although they have yet to eliminate the problem
altogether. While it did take them longer than anyone would have liked
to proactively deal with the situation, they are currently testing
several measures to assist sellers in identifying scam messages, while
also dealing with the scammers directly.
One of the more
useful changes Etsy has made to help us out is to label messages that
are coming from a buyer account - a message pretending to be Etsy
labelled as "from a buyer" is therefore obviously a scam. They are also
ensuring that any legit messages from Etsy can be cross referenced for
authenticity by looking for it in the new 'From Etsy' folder in your
message portal via the website (it's not currently available via the
app).
There are two key pieces of advice for anyone
unsure of the messages coming into their Etsy inbox. The first is -
don't panic! This is exactly what the scammers are trying to get you to
do so that you make poor decisions without thinking things through.
Press pause on your reactions to any message and stop to think it
through, nothing is going to blowup on you in the 10 minutes it might
take for you to assess the situation!
The second piece
of advice is this... no platform, anywhere, regardless of what it is,
will have you go off their site to complete any actions. Any
requirements you might need to take for verification or otherwise will
be shown directly in your account dashboard right on the site in
question. Etsy is no different in this regard than any other platform -
this is standard security. If you get a message about a problem with an
order - go to the order tab in your account - if there is legitimately a
problem it WILL show up there.
This is the same for any banking or identity verification - on any site
- that request will appear right in your account dashboard. If it
doesn't, it's most likely not real. If ever a platform is using a third
party (Etsy uses third parties for the actual verification process) that
information will be provided in your account dashboard. It will
not be a surprise! And it will be integrated into the site's pages
directly, not sent via a message where you click a link to somewhere
else.
ALWAYS check inside your account for information to verify the validity of the request.
And if you are still confused or worried, reach out in a forum to ask others for input :)
Stay safe
Shawnna