Etsy Seller Payment Scam (Fake Order Notification)
This phishing page is designed to target Etsy sellers by impersonating a legitimate order notification. The page mimics Etsy’s interface and claims that a buyer has purchased an item—in this case, “Jeans schwarz mit …” for €79.50—and that the payment is awaiting release.
How it works:
The victim (an Etsy seller) receives an email or a direct message with a link to this page, claiming a buyer has placed an order. The page shows fake buyer details (name, address), a fabricated order summary, and a “Payment status: Receiving funds” message. To “proceed to receiving” the funds, the seller is prompted to enter sensitive financial information—most likely credit card details, bank account information, or login credentials on the next screen.
The goal:
Instead of receiving a legitimate order, the seller unknowingly hands over their payment credentials or login details to the attacker. Because the page looks like a genuine Etsy order confirmation, sellers who frequently manage orders may click through without suspicion.
Red flags to watch for:
Unsolicited link: The page is accessed via a link from an email or message, not through the official Etsy dashboard or app.
Fake payment status: Etsy does not display “Receiving funds” in this manner; legitimate payment processing occurs within your seller dashboard, not on a standalone page accessed via an external link.
Buyer details: The name and address shown (e.g., “Ernestine Herz”) are often fabricated or generic.
“Proceed to receiving” button: This is a fake call-to-action designed to lead to the credential-harvesting form. On the real Etsy site, sellers do not need to click an external button to “receive” funds—payments are automatically processed.
URL mismatch: The page is hosted on antiphishing.biz (your own site), but in a real attack, it would be on a fraudulent domain. Sellers should always check that the URL matches etsy.com before entering any information.
What to do if you encounter this:
Do not click “Proceed to receiving” or enter any personal, banking, or login information.
If you are an Etsy seller, always log in to Etsy directly by typing etsy.com into your browser and checking your Shop Manager → Finances → Payment account for real orders.
Report the phishing attempt to Etsy’s trust and safety team by forwarding the original email or link to [email protected].
This scam exploits the trust sellers place in order notifications. Staying vigilant about checking URLs and verifying orders directly through the official platform can prevent account takeover and financial loss.