Week 3: Alleged payments on the Etsy sales platform

23.01.2024 - Last week, the NCSC received several messages concerning the e-commerce platform Etsy. Immediately after creating an account, new sellers receive a message, purportedly from Etsy, stating that the seller must verify payment before the shop can be activated. This, however, is a phishing message.

Founded in 2005, the Etsy sales platform is an e-commerce website and online marketplace for buying and selling handmade products, vintage and art supplies. Etsy is less well known than other sales platforms in this country. For this reason, attacks in connection with this platform have seldom been reported to the NCSC.

However, in the last few weeks in particular, there have been several reports concerning Etsy that point to the same pattern. This is a particularly perfidious phishing attack and is difficult to recognise. Not only are credit card details phished, the victim is also tricked into paying a sum of money.

New sellers targeted

The attack is aimed at new sellers who start a shop on Etsy. The attackers have found a way to quickly locate these new customers. In a test conducted by the NCSC, it was found that it took the fraudsters just 30 minutes to contact the new seller after they had started the shop.

The perfidious thing is that, in order to gain the new seller’s trust, the fraudsters contact them not by email but via Etsy's internal notification system, the chat. They select a name to make it appear as if the message comes from an internal support or verification centre. For example, in one case the surname ‘Verificativ’ was used, and the surname ‘Support’ has also been observed. This name is then displayed in the notification system, making it appear like an official request from the support team or an official verification procedure of the payment process.

False message indicating that payment traffic is blocked.
False message indicating that payment traffic is blocked.

Deposit required as a pretext

In a further communication, the fraudsters claim that verification of the future payment method is necessary before the shop is fully set up. The new seller is redirected to a page where they are asked to enter their credit card details. This triggers a payment – e.g. of USD 1,000. At the same time, the alleged support person assures the seller via Etsy's internal notification system that the credit card payment has not been directly booked, but the amount is merely a deposit, as is the case when you hire a car. They claim that the payment is being held provisionally and will not yet be booked.

The new seller is informed that their money is being held momentarily, and has not been debited.
The new seller is informed that their money is being held momentarily, and has not been debited.

The new seller is then immediately sent a second message, this time asking them to reverse the payment of USD 1,000. However, no payments are actually reserved or cancelled, but rather, payments totalling USD 2,000 are booked. When the victim asks for a telephone contact to discuss the matter, they are told that this can only be given on completion of the verification process.

In this type of fraud, the good faith of new platform users is shamelessly exploited through social engineering. New users usually have no knowledge of any of the service provider’s processes. Furthermore, the fraudsters win their trust by contacting them via the internal chat.


  • On Etsy, emails from support are placed in the "From Etsy" category. This makes it possible to detect whether the communication is legitimate.
  • Be careful when paying alleged fees;
  • Don't let yourself be pressured; take the time to check the payment terms of the service provider in question;
  • If you realise that you have made a fraudulent payment, contact the financial institution concerned immediately so that the payment can be blocked;
  • If you have suffered financial loss, report it to the cantonal police.

Last modification 23.01.2024

Top of page