Chrome domain phishing warning when redirecting to checkout

ValeM · ‎12-20-2023

We have a website that uses Shopify's API and checkout.

Our domain is xxxx.com and the checkout domain is xxxx-com.myshopify.com

We've noticed today that our users are randomly getting this notice on chrome when going to the checkout:

Did you mean xxxx.com?
The site you just tried to visit looks fake. Attackers sometimes mimic sites by making small, hard-to-see changes to the URL.

This is a terrible situation for our business and it wasn't happening before. Can you help us fix this?

Best, Valeria

L521 · ‎01-11-2024

I'm getting this notification as well with my Shopify Hydrogen storefront. Chrome doesn't throw a warning when in incognito mode.

Google Chrome

Version 120.0.6099.199 (Official Build) (x86_64)

samuelgalloo · ‎01-19-2024

We encounter the same issue on all our 5 shops and Shopify Plus seems to not be conscient how the problem will be massive for all Shopify shops if they don’t do anything.

We found why this problem occurs : https://chromium.googlesource.com/chromium/src/+/master/docs/security/lookalikes/lookalike-domains.m...

jpdupere · ‎01-23-2024

Same problem here with Hydrogen storefront, when visiting the myshopify checkout url...

Chrome domain phishing warning when redirecting to checkout

Chrome domain phishing warning when redirecting to checkout

Community Blog Articles