Phishing emails: Emails pretending to be sent by Shopify
As a Shopify merchant, you may have received some suspicious emails that appear as if they have been sent by Shopify. However, upon closer inspection of the email, you will notice that it lacks a valid Shopify email address as the sender and looks somewhat odd.
In this scenario, you have likely encountered a phishing email. Let’s take a closer look at what phishing means, how these emails can appear, and what actions you can take to safeguard your store, data, and finances.
One of the phising practices is to send deceptive communications that mimic a trustworthy and respected source (like Shopify in our situation), commonly done through email and text messaging. The aim of the attacker is to steal your money, acquire access to confidential data and login details, or install malware on your devices.
How can fraudulent Shopify emails look like?
At first glance, you might believe that the email originates from Shopify. However, upon closer examination of the email, you may observe that:
- The email’s design looks odd and doesn’t entirely align with Shopify’s established design.
- The sender’s email address lacks the “shopify.com” domain.
- The language used is vague, employing general terms, and may lack greetings, featuring grammar mistakes and misspellings.
- The subject line may contain alarming language such as “Urgent”, “Cancel”, “Act now”, and similar phrases.
In numerous cases, the email might prompt you to take one of these actions:
- Click a scam link (e.g., for payment, order review, etc.).
- Download a file (e.g., an invoice).
- Open an attachment (e.g., a screenshot).
- Respond by providing sensitive information (such as login credentials or personal details).
In no circumstances should you click any of the links provided in the email! Don’t disclose your account details, banking information, or any other sensitive data via email. Should Shopify require any personal information (e.g., for verification purposes), this process is typically done directly through your secure Shopify admin using a designated and protected upload feature!!!
Examples of Shopify scam emails
Here are some examples of what the scam emails might look like (I’ll add more as I get them).
Example 1: [Urgent] Shopify - Act Now
Sender: Amanda(Shopify) firstname.lastname@example.org
Text: Your credit card company declined a charge of $47.90 USD.
Please take note of the sender’s email address – you can’t even see the “shopify.com” domain there. Also, observe that there is no greeting, and the tone of the email is extremely alarming. Plus, the email is “an image”, it’s not a text.
What to do if you receive a scam
If you’re uncertain whether an email has originated from Shopify or if it’s potentially a scam, feel free to reach out to Shopify for additional clarification. Remember, if an email appears suspicious, refrain from clicking on any of the links within the email or downloading any attachments!
Here’s a list of actions you can take to safeguard your store:
- Enable two-factor authentication.
- Use a strong password.
- Don’t share your password with anyone else (instead use staff accounts)
- Make sure your wifi is secured, be careful when you use public Wi-Fi.
- Check any orders that seem strange, and try reaching out to the customer. If you’re not sure, think about canceling and giving a refund for orders that look odd to avoid chargebacks.
- Review your banking details for Shopify payments to make sure that everything is set up correctly.
To sum up, I hope this article helped you grasp how phishing emails might show up and what to do if you get an email pretending to be from Shopify. Feel free to share your experience and send me a screenshot of a phishing email – I’ll include it in the article.