Important: Recent Suspicious Messages to Sellers

edited September 2017 in Chatter 8 LikesVote Down
We have recently become aware, that earlier today, an individual had created multiple accounts on our website, with the intention of messaging individual Sellers, indicating that they were having issues with a (non-existent) order. Furthermore, this individual indicated to the Sellers in question that they had contacted HipStamp Support, and HipStamp Support provided them with a zip file of screenshots of the order in question.

Please be advised that this individual is acting maliciously, and the information being provided by this individual is false. Furthermore, the URL which purports to have a zip file which needs to be downloaded - should absolutely not be downloaded - as the URL in question ( is not owned or operated in anyway by HipStamp. If you have received a similar message as described, please ignore the message, and do not attempt to download any files from this individual, as we do not believe it is safe to do so.

We have contacted the domain registrar in question and asked that this domain name be deactivated. We have also de-activated the accounts this individual has opened with us, deleted the messages in question, and are taking further action to protect our Sellers and community. We will post further updates on this issue within our forums.


  • 56 Comments sorted by Votes Date Added
  • How come I haven't received one? Just waiting to reply - " Sorry for your trouble. Please give me an address to send a refund. I only have a traveller's check for $200.00 so I am trusting you to send me back the balance minus your purchase price. I will apply some nice Nigerian stamps on my letter."
  • I want one - it shows somebody is viewing my listings?!?!?!?!?!?!?!?
  • Hi All,

    Just a quick update:

    - Any of the original messages on HipStamp have since been removed (although obviously we can not remove the original email copies any Seller may have received).
    - We have sent out an email to all Sellers notifying them of the information we previously posted in this thread.
    - We have now taken a series of additional steps to prevent similar behavior from malicious individuals in the future.
  • Thank you for this information - This confirms what I felt about the threat being targeted at Windows rather than Mac.
    Being a Mac user for the last 4 years, I have never had an anti virus on my system (although I keep some add-ons on my web browser, such as trafic light, wot, etc... that detect malware on internet pages and are meant to protect against fake web sites, etc...) Anyway, because I had opened the files and seen this JS java script run, I was a little worried about what it had done, and after changing all my passwords, etc... I have paid for and installed Norton for Mac, and I have now run a full scan of my computer - 100s of thousands of files scanned - Well, after a whole night running it has found not a single threat or malware, or virus on my computer, not even the odd tracking cookie. This, after 4 years using the computer without any form of anti virus other than the natural Mac safety protections. This, to me, goes a long way confirming the impression that Macs are a lot safer than Windows - But I am not complacent and I know that the security risks are growing for Mac users, so I'll be even more careful in the future.
  • I got one of the malicious emails in question. I want to point out that you can not rely on poor spelling and grammar to alert you when these emails appear in your inbox. Spear phishing is becoming incredibly sophisticated, with malicious actors researching their targets by organization, affiliation, or online records, and then delivering very sophisticated and genuine looking emails. NEVER EVER click on a link or an attachment in such an email that you are not expecting or do not KNOW is genuine. The first thing in this case would have been to go to your sales history, via direct login to HipStamp, to see if you did indeed have such a sale to such an identity.

    The real danger of course is that when you download an attachment or click on a link, you immediately compromise your machine with any number of possible forms of malware, up to and including root kits that basically take over and own your machine, and all your data on your machine is compromised, or encrypted and held for ransom, one of my favorites. Well, not really.

    The last ten years of my professional career in computing tech was spent trying to get the members in the larger organization I supported to listen to my advice on such emails, and educate them. It has gotten so bad now (I am retired, but recently spent two hours touring and getting an update from successor who took over six years ago), that the organization now sends such target spear phishing themselves to staff, to see who will fall for them, and educate them when they do. The embarrassment factor alone makes me wish I were still there to watch those who fall for the emails react when informed of what they have done.

    By the way, KUDOS to Mark and HipStamp staff who were fast and on top of this. I bow to their professionalism and immediacy.
  • Yes, I received 2 of them. Luckily I did not open them as my virus protection stated these were infected. In 20+ years on ebay this has never happened.........
  • Two different "0" users claiming they bought a stamp which they clearly did not.
  • Yep, I received one of these from a different user. I reported it to the Hipstamp helpdesk so maybe they can create a filter for this spam.

  • I reached out to HipStamp support and Mark regarding this a couple of minutes ago. The domain name does not belong to the company and was created this morning so it's definitely someone trying to cause trouble. In the case of the buyer that emailed me, his account was also created today so the story doesn't even make sense.
  • Received one today with a link, also reported it to hipstamp
  • Oops, didn't see this. Yes same here.
  • Hello,

    Justin here from HipStamp. We appreciate you alerting us to this. We are working to address this so it does not impact anyone else and should have it resolved shortly. If you receive the message posted above, please do not click the link in the message.

  • I just got one myself a couple of minutes ago, with the title "Reply urgently" from sender "centfassnetna1978".
  • I also received 2 of these - exact same text - different user names.
  • It appears that way. I just had three myself and when I tried to respond it erased the original messages. I didn't download the screenshots though.
  • It just happened to me too !! - The message came to my email and said Hipstamp support told them to send the problem to me. I logged in and saw the message and tried clicking on the link and my antivirus blocked it as a dangerous file. Then I went back to my messages and the message was gone. The stamp in the subject line of the message was the last stamp I had added in my inventory. The person had 0 feedback but now except for the email I got - there is no sign of this. I forward the email to support . Now I am concerned what were they trying to get at with that link. I guess I will change my password here and on PayPal. Steve
  • Yeah, I got one of those too. I knew it was nonsense - I received no such order or PayPal payment. When I went to look at the so-called screenshots, they were in some strange format, so I had my anti-virus software take a look. It went nuts, declaring it to be a virus.
  • I just responded to the other thread on this. - it just happened to me too !
  • I just got one of those too but had no virus issues (perhaps since I only tried to open their screenshots and didn't save them). I responded explaining that my store was on extended vacation but when I replied, I saw that my response went out of HipStamp and somewhere else and there was no record of either the inbound or outbound message on the HS site. ...guess I should run my anti-virus programs....sigh.....
  • I got one too. Anti-virus software blocked it.
  • Here too. I received two separate, different messages. Did not click on anything.
  • I just opened a discussion item on this as I just received one. Did not see your post before I opened it.
  • I received the same message with a different sender name: "flavympano1983." Very dangerous looking. Users BEWARE!! DO NOT RESPOND in any way shape or form.
  • edited August 2017 0 LikesVote Down
    I received a similar message from muticdolans1984
  • I received the same message from Heiraunamen 1976
  • OMG, I just received three emails before I even saw this on the boards.

    Mine are from: lyuzutechanch1975, doparepub1978 and centfassnetna1978

    I did open a ticket about this situation. I'm also doing a full computer scan to hopefully remove any badness.
  • I've had two of them. One was posted earlier by another post on this thread and one from a cravwahongphy1974. If you click on that link it downloads a zip file, which nothing on earth would ever get me to open. Beware!
  • I just received a weird email this morning that does not even remotely 'smell' right -- some HipStamp member with ZERO FEEDBACK, and for whom English does not seem to be his primary language, is claiming he paid me for an item recently but has not received it. The email contains a link which I DID NOT click on.

    Screen Shot 2017-08-25 at 9.45.58 AM copy

    Has anyone else received a similar email this morning? I figured Mark and the HipStamp team would like to see this!
  • In the last hour, I have received messages from sellers with 0 feedback saying they bought stamps and never received them. They sent screenshots of the account. When I downloaded them my antivirus went crazy. Anyone else having this issue.
Sign In or Register to comment.