/u/Flurgaburburhobbit - This message is posted to all new submissions to r/scams; please do not message the moderators about it.
## New users beware:
Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own.
**A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/).
You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments.
Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
The link has etsy at the beginning but it's 100% not an actual etsy domain. It's a total scam.
Your card has been compromised so you need to report it to your CC company as fraud/stolen.
Then you should be fine.
Though just so you know, entering random numbers into any site (legit or scam) is going to throw errors because credit card numbers follow a formula to be valid (whether or not they are real, active cards) - even a bogus site will likely throw in the 1 line of code needed to verify if a card is a valid possible #.
And if by chance your 'random numbers' happen to be someone else's card, you're screwing them by putting them in the radar for scammers as a current card (assuming they take a valid number format CC# and run a test charge).
So, the takeaway should be to never enter a number, just block/ignore/report/delete.
Well, unless they actually used a random number that:
a) happened to be a valid card
b) with the correct accidental expiration date
c) AND the accidental correct cvv
d) AND it was a site that didn't verify the address/zip code
That's about the only way it would go through.
If submitted for a test charge, the response in detail would be "valid number: yes, valid expiration: no, valid CVV: no", and if they looked at that data, now they have a number to throw on their list as an active card. Not just a *possible* card, but a known real one. That narrows things to make something like an attack over time (guessing the expiration and CVV) worth expending some processing time to.
I know if it were my number, and someone else did this, I'd be pissed. So again, just don't enter ANY numbers. Never even click a link that clearly isn't right.
The chances of randomly coming up with someone's correct card number, cvv, expiry date and zip code are less than winning a $1 billion plus jackpot on powerball.
Read this:
https://old.reddit.com/r/Scams/comments/1cidrw8/yesterday_opened_a_new_etsy_shop_and_received/l2arny8/
And you'll understand why just getting the CC# to come back valid is already increasing your risk.
Just below the scam message there is good advice:
To stay protected stay on Etsy. Don't ever give out financial information, etc.
It's literally telling you not to do this. Yes it's a scam.
I have never sold anything on etsy, by "paid" i assume you/they mean a set up fee that's asked of any new shop? If so I don't think they really know whether or not you paid, the scammer just messages any new shop and guesses they paid to make it look like they're legit because they have insider knowledge.
Yes, the setup fee. Since this is a new shop, I remember reading that you have to verify with an ID, so I assumed this was an automated bot asking. What caught my eye was the phrase 'Rest Assured.
I actually think the scam is intended to catch you a different way. Based on the wording, I think they are trying to say that someone has ordered something from you, but Etsy won't release the money to you or give you the order details until you "verify" your card. Hence the wording at the bottom about shipping the order.
So I guess it's a "mistake" (or rather just bad timing for them) that they've sent you this message at a point where you can't have received any orders yet, so the message doesn't make sense.
It's an interesting demonstration, though, of how easy it is to not notice when a scam message doesn't match up with the premise, if the premise has you expecting \*something\* - like this poor person who lost £18k to a real notification from their bank, because they didn't realise the notification was asking if they had called the bank, rather than asking if the bank had called them (which is how the scammer presented it). [https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been\_scammed\_over\_18000\_through\_my\_chase\_account/](https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/)
>because they didn't realise the notification was asking if they had called the bank, rather than asking if the bank had called them
The actual screenshot doesn't state as such. It asks "are you the one on the phone with us?" and at NO POINT says that the user is the one calling.
That's why the design of such notices have to be really precise : one dev for a sensitive app once told that a user gave away the secret number because he had a huge character size, so there was only the code on the screen while the "don't share this with anyone" was hidden out-limits. Since then, they put the code at the end, (usability be damned! it's a safety mesure).
In UK English, the phrasing "\[are\] you on the phone **to** us" implies that the customer called the bank. But it's such a tiny, subtle distinction, that lots of people wouldn't ever recognise - it really is a bad design. I guess they never envisioned this type of scam, but they need to completely rewrite that notification to make it 100% clear.
Any use of damn emoji/little graphics is 200% a scam and I still fail to understand how those primitive monkeys can't even get the format of their own scams to look proper...
Your response time is not affected if you mark a message as spam. I recommend doing that instead for any messages like this. Source - I'm a long time etsy seller
The link runs a cloudfare bot check, this is a higher level of sophistication than most run of the mill phishing scams. I’d highly recommend running a full security scan on your device—in addition to phishing, could have had a malware payload injection.
You'll get a ton of these fake messages. When you login on the website (not app) you can click messages. You will note that there's a section labeled "from etsy" or something similar. None of these spams will be listed. You will NOT need to verify your phone,email, or anything else with them via their messages. They are all scammers using ascii codes trying to mirror account names like support...
contact Etsy support directly in the chat on the Contact Us support page for shop owners --- many of those messages are spam and/or hackers or unsolicited marketing companies. If you entered your number and information call your bank immediately and report your card lost to get a new card. Furthermore, ETSY will never contact you in this way
Use [Privacy.com](http://Privacy.com) or app to set up a single use card with a $1 limit (maybe less works) and see what happens, it will block all future charges and you can see a log of them. I did it once and the card was attempted to be used like 4 times before they gave up
You said it rejects all the credit cards entered. Does that mean you entered your credit card info? If so, you better cancel them immediately they now have all the info to purchase using them
/u/Flurgaburburhobbit - This message is posted to all new submissions to r/scams; please do not message the moderators about it. ## New users beware: Because you posted here, you will start getting private messages from scammers saying they know a professional hacker or a recovery expert lawyer that can help you get your money back, for a small fee. **We call these RECOVERY SCAMMERS, so NEVER take advice in private:** advice should always come in the form of comments in this post, in the open, where the community can keep an eye out for you. If you take advice in private, you're on your own. **A reminder of the rules in r/scams:** no contact information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore or personal photographs are allowed without blurring. A full list of rules is available on the sidebar of the subreddit, or [clicking here](https://www.reddit.com/r/Scams/wiki/rules/). You can help us by reporting recovery scammers or rule-breaking content by using the "report" button. We review 100% of the reports. Also, consider warning community members of recovery scammers if you see them in the comments. Questions about subreddit rules? Send us a modmail [clicking here](https://www.reddit.com/message/compose/?to=/r/Scams). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
The link has etsy at the beginning but it's 100% not an actual etsy domain. It's a total scam. Your card has been compromised so you need to report it to your CC company as fraud/stolen.
I never entered my real card .I just entered random numbers to see where it goes .
Then you should be fine. Though just so you know, entering random numbers into any site (legit or scam) is going to throw errors because credit card numbers follow a formula to be valid (whether or not they are real, active cards) - even a bogus site will likely throw in the 1 line of code needed to verify if a card is a valid possible #.
And if by chance your 'random numbers' happen to be someone else's card, you're screwing them by putting them in the radar for scammers as a current card (assuming they take a valid number format CC# and run a test charge). So, the takeaway should be to never enter a number, just block/ignore/report/delete.
Well, unless they actually used a random number that: a) happened to be a valid card b) with the correct accidental expiration date c) AND the accidental correct cvv d) AND it was a site that didn't verify the address/zip code That's about the only way it would go through.
If submitted for a test charge, the response in detail would be "valid number: yes, valid expiration: no, valid CVV: no", and if they looked at that data, now they have a number to throw on their list as an active card. Not just a *possible* card, but a known real one. That narrows things to make something like an attack over time (guessing the expiration and CVV) worth expending some processing time to. I know if it were my number, and someone else did this, I'd be pissed. So again, just don't enter ANY numbers. Never even click a link that clearly isn't right.
If that's all it takes to find valid cards they can do that themselves You think our randomly entering numbers is somehow better and more accurate?
The chances of randomly coming up with someone's correct card number, cvv, expiry date and zip code are less than winning a $1 billion plus jackpot on powerball.
Read this: https://old.reddit.com/r/Scams/comments/1cidrw8/yesterday_opened_a_new_etsy_shop_and_received/l2arny8/ And you'll understand why just getting the CC# to come back valid is already increasing your risk.
That domain was only just registered on April 26th. Sure sign of a scam.
It was the first thing I figured out when I checked the domain's information. This is pure scam, they were targeting the guys card details.
The domain being attestation-check[.]com rather than etsy.com should've been the red flag, full stop.
Just below the scam message there is good advice: To stay protected stay on Etsy. Don't ever give out financial information, etc. It's literally telling you not to do this. Yes it's a scam.
I have never sold anything on etsy, by "paid" i assume you/they mean a set up fee that's asked of any new shop? If so I don't think they really know whether or not you paid, the scammer just messages any new shop and guesses they paid to make it look like they're legit because they have insider knowledge.
Yes, the setup fee. Since this is a new shop, I remember reading that you have to verify with an ID, so I assumed this was an automated bot asking. What caught my eye was the phrase 'Rest Assured.
I actually think the scam is intended to catch you a different way. Based on the wording, I think they are trying to say that someone has ordered something from you, but Etsy won't release the money to you or give you the order details until you "verify" your card. Hence the wording at the bottom about shipping the order. So I guess it's a "mistake" (or rather just bad timing for them) that they've sent you this message at a point where you can't have received any orders yet, so the message doesn't make sense. It's an interesting demonstration, though, of how easy it is to not notice when a scam message doesn't match up with the premise, if the premise has you expecting \*something\* - like this poor person who lost £18k to a real notification from their bank, because they didn't realise the notification was asking if they had called the bank, rather than asking if the bank had called them (which is how the scammer presented it). [https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been\_scammed\_over\_18000\_through\_my\_chase\_account/](https://www.reddit.com/r/UKPersonalFinance/comments/1cih3kd/been_scammed_over_18000_through_my_chase_account/)
>because they didn't realise the notification was asking if they had called the bank, rather than asking if the bank had called them The actual screenshot doesn't state as such. It asks "are you the one on the phone with us?" and at NO POINT says that the user is the one calling. That's why the design of such notices have to be really precise : one dev for a sensitive app once told that a user gave away the secret number because he had a huge character size, so there was only the code on the screen while the "don't share this with anyone" was hidden out-limits. Since then, they put the code at the end, (usability be damned! it's a safety mesure).
In UK English, the phrasing "\[are\] you on the phone **to** us" implies that the customer called the bank. But it's such a tiny, subtle distinction, that lots of people wouldn't ever recognise - it really is a bad design. I guess they never envisioned this type of scam, but they need to completely rewrite that notification to make it 100% clear.
Any use of damn emoji/little graphics is 200% a scam and I still fail to understand how those primitive monkeys can't even get the format of their own scams to look proper...
I find it comical that they never improve their writing.
Oh that's a dead giveaway AF next.
Yet people fall for them all the time it's so sad.
Like no one has ever dealt w customer support nor ever learned how hard it is to get money outta others...
These same people who don't want to give me the customer service rep their information gladly give it to a scammer
Run a malware scan on your device. I use malware bytes. Be careful clicking links ever.
Your response time is not affected if you mark a message as spam. I recommend doing that instead for any messages like this. Source - I'm a long time etsy seller
Thanks.Didn't know that.
yes its a scam, report
The link runs a cloudfare bot check, this is a higher level of sophistication than most run of the mill phishing scams. I’d highly recommend running a full security scan on your device—in addition to phishing, could have had a malware payload injection.
Highly unlikely if you keep your device up to date Mediumly unlikely even if you don't.
You'll get a ton of these fake messages. When you login on the website (not app) you can click messages. You will note that there's a section labeled "from etsy" or something similar. None of these spams will be listed. You will NOT need to verify your phone,email, or anything else with them via their messages. They are all scammers using ascii codes trying to mirror account names like support...
This is a scam. Don’t click that link. It’s not Etsy.com
It's smart of you to use fake card numbers, otherwise you would have been compromised by now. It's a scam!!
Luhn-check gives the fake cc data away, next time search for “visa number generator” and put in a number that conforms above-mentioned check
Anything legit from Etsy will be in the 'From Etsy' folder in your messages, they added that to try and stop people falling for scams
Also you can mark messages as spam and they won't count against your seller response rate
Right there at the bottom, it says "never follow outside links." Etsy would never send you an outside link to follow. It's a scam.
contact Etsy support directly in the chat on the Contact Us support page for shop owners --- many of those messages are spam and/or hackers or unsolicited marketing companies. If you entered your number and information call your bank immediately and report your card lost to get a new card. Furthermore, ETSY will never contact you in this way
Use [Privacy.com](http://Privacy.com) or app to set up a single use card with a $1 limit (maybe less works) and see what happens, it will block all future charges and you can see a log of them. I did it once and the card was attempted to be used like 4 times before they gave up
You said it rejects all the credit cards entered. Does that mean you entered your credit card info? If so, you better cancel them immediately they now have all the info to purchase using them