Akankasha Dewan, 05 May 2020 14:13:11 AEST

Shopify spoofed in phishing scam; email claims “your shop is frozen”

MailGuard has successfully intercepted a phishing email targeting sellers on popular e-commerce platform Shopify. Titled “URGENT – Your shop if frozen and has been temporarily deactivated”, the email uses a display name of “Shopify”. It actually originates from a single compromised email address.

The body of the message includes a header containing Shopify’s logo and branding. It informs users that their account has been frozen due to failed payments and as a result, “potential customers can’t see your products or your site”. To solve this issue, it directs users to update their billing information via a link.

Here is what the email looks like:

[Screenshots 1 and 2: the phishing email, with the spoofed "Shopify" display name and branded header]

Unsuspecting recipients who click on the link are redirected through a series of fake Shopify-branded phishing pages asking them for personal details, such as their email address, password and credit card details. Notably, all of these pages are hosted on a domain that does not belong to Shopify, as the screenshots below show:

[Screenshots 3 to 7: the fake Shopify-branded phishing pages requesting email address, password and credit card details, all hosted on a non-Shopify domain]

After filling in all of the above fields, users are finally redirected to a genuine Shopify store login page, hosted on the Shopify domain.

[Screenshots 8 and 9: the genuine Shopify login page reached after the final redirect]

As more retailers close their physical stores in light of the COVID-19 pandemic, online shopping is booming among consumers – and this phishing scam is a good example of how cybercriminals are increasingly exploiting this spike in online activity to trick users.

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

As you can see from the screenshots above, cybercriminals have employed multiple elements to trick recipients. Here are some of them:

  • The use of an email subject like “URGENT – Your shop if frozen and has been temporarily deactivated”. This creates alarm and intrigue among recipients, who, in their panic, may not pause to check for the email’s legitimacy before clicking on the link in the email.
  • The use of a display name like “Shopify” and the inclusion of Shopify’s logo and branding within the email. This helps to boost the credibility of the email as it is likely for sellers on the platform to receive official notifications like this, thereby not raising any alarm bells.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient by name, and that the domain hosting the phishing pages doesn’t belong to Shopify.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 
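The red flags described above (a display name that claims a brand while the sender address sits on an unrelated domain, links that lead away from the brand's own domain, and a greeting that doesn't name the recipient) can be checked mechanically before anyone clicks. The following is an added example, not MailGuard's code or Shopify's; the sample message, every address and hostname in it, and the `BRAND_DOMAINS` allowlist are constructed for illustration. One caveat the alert itself implies: because the email came from a compromised mailbox rather than a forged sender, SPF and DKIM on that mailbox's domain would pass, so content and link heuristics like these are what catch it.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the alert: spoofed display name, urgent
# subject, generic greeting and a billing link on a non-brand host.
# All addresses and domains are made up.
SAMPLE_EMAIL = b"""\
From: "Shopify" <accounts@compromised-sender.example>
To: seller@merchant.example
Subject: URGENT - Your shop if frozen and has been temporarily deactivated
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello,</p>
<p>Your account has been frozen due to failed payments.</p>
<p><a href="https://billing-update.phish.example/shopify/login">Update billing</a></p>
</body></html>
"""

# Assumed allowlist (hypothetical): domains a brand legitimately sends from
# and links to. Only exact matches or subdomains of these are trusted.
BRAND_DOMAINS = {"shopify": {"shopify.com"}}

URL_RE = re.compile(r'href=["\']?(https?://[^"\'\s>]+)', re.IGNORECASE)
GENERIC_GREETING_RE = re.compile(
    r"^\s*(hello|hi|dear)\b\s*(customer|user|seller)?\s*[,!.]",
    re.IGNORECASE | re.MULTILINE,
)


def host_is_trusted(host, allowed):
    """True if host equals, or is a subdomain of, any allowed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def analyse(raw_bytes):
    """Return a list of human-readable red flags found in one raw email."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []

    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""

    # 1. Display name names a brand, but the sending domain is not that brand's.
    claimed = [b for b in BRAND_DOMAINS if b in display_name.lower()]
    for brand in claimed:
        if not host_is_trusted(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(
                f"display name '{display_name}' but sender domain '{sender_domain}'"
            )

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # 2. Links in a brand-named email that point at hosts the brand doesn't own.
    seen_hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        for brand in claimed:
            if host not in seen_hosts and not host_is_trusted(host, BRAND_DOMAINS[brand]):
                seen_hosts.add(host)
                findings.append(f"link to untrusted host '{host}'")

    # 3. Generic greeting: the recipient is not addressed by name.
    plain = re.sub(r"<[^>]+>", "", text)
    if GENERIC_GREETING_RE.search(plain):
        findings.append("generic greeting, recipient not addressed by name")

    return findings


if __name__ == "__main__":
    for flag in analyse(SAMPLE_EMAIL):
        print("RED FLAG:", flag)
```

Run against the constructed sample, `analyse` reports all three red flags the alert describes. A message whose display name and links both stay within the allowlisted domains and which opens with the recipient's name produces an empty list, which is the point of keeping the allowlist per brand rather than trusting any host that merely contains the brand's name in its path.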

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
