This is a known problem? There should be something done about this. It is so easy to get someone to download a spec sheet.

What can be done? 

You can't stop buyers from sending messages. 

Some sellers do require files from the buyer, so you can't stop them from sending files/attachments. I have certain products that require the buyer to send me images for printing. 

All you can do is warn people and hope they take heed. There is normally at least a post each week with some sort of warning. Like yours here. Hopefully your warning will get the attention of some people in the forums and may help stop at least a few of these scams from happening. 

@audreytherese I think firstly .zip files should never be allowed to be uploaded. Secondly a PDF/jpg/mov/avi previewer should be built into the messaging system so no file needs to be downloaded. If these two could be evaluated as a security upgrade, it would help greatly!

Ummmm....ok. Sounds so simple. Good luck with that. Pretty sure it would actually be easier to continue warning people.

Does that include zip files that digital creators sell? Because I've definitely opened probably hundreds of zip files through here that were purchased as digital downloads. Most digital sellers already have enough trouble with the maximum file size limits on here, even when zipping them, and many customers don't like having to go off site to download their purchased files. 

@audreytherese I think you are definitely right. It would be easier to warn.

I hope to clarify my statement. I dont want to stop sharing files. Just block .zip files or .rar files that can hide anything.

Let sellers and buyers upload multiple files within the ETSY ecosystem somewhat like google drive and have the ability to preview them without downloading. You can still download if needed but at least a secondary warning can be put in place or even better, a malware scanner. ( btw these are things that are done on other file sharing/hosting platforms )

I'm going to do my part and propose the technical upgrade as a security measure. Im sure its something ETSY already knows but if more voices are heard, resources can be allocated. AND im going to continue warning as per your recommendation!

Etsy is an amazing ecosystem and some of the custom orders I get are a privilege. I nearly clicked this link but then the warning signals of "too good to be true" kicked in. So close...

That last sentence of not being able to unzip the file. If the buyer has a legit problem, they should be contacting the seller of the file for help, not you. Even when you told them no, they kept pushing. Good catch. This one was well written.

Urggh. So angry right now about this. They are getting so good at this. I know so many people who if faced with this would lose their account just for being nice trusting human beings.

I count myself as savvy and I nearly fell for it. Especially in these economic times. A business opportunity makes us gullible to offers and that is what these vultures prey upon. We have to keep reminding ourselves and be vigilant.

I had a similar experience today. I was very excited to hear from a buyer after so long. They were asking me questions about a link that I thought was one of my products. It was a very natural conversation. I clicked it and it downloaded a zip file. I did not understand. But upon replying to the person, the account was invalid. I immediately learnt from the forum that it is a scam, deleted the file, the chats and scanned my phone. I am still feeling anxious about it. 

Appreciate it @ModFabio . I did not want to reveal the username here as it may be a breach of the customers privacy if I was wrong. You can see it in my flagged messages. I have already done so and did not reply to the scammer.

I dived into this for the moment but do the security measures secure against session token copiers? That was a most scary revelation to me that your access can be taken away without your passwords or auth keys being compromised.

Anytime! I'm just gonna remove the excerpt from the conversation, however - technically it qualifies as a private conversation, hence I mentioned the gist of this bad actor's MO.

Got it. I added a non verbatim summary for the benefit of others who browse through. More need to know of this situation. I just read so many posts where people have lost their livelihoods when their account gets hacked. heartbreaking.

I had the same situation a week ago. I was urged to click on the link. Where can I report this user?

@lalarossa I believe reporting as spam is sufficient. They get flagged removed and I do hope IP blocked.

@RAAQUU
No, that's not enough. No one at Etsy checks spam. Besides, sending spam messages does not block the user. Sometimes it happens that a client sends me two of the same messages. I'm sending one to spam so I don't have to reply to both. the client can still send me messages. I am asking how can I report this account to etsy to check it.

@lalarossa I stand corrected. I too would like to know @ModFabio